2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r131315
2012-10-15 Jay Civelli <jcivelli@chromium.org>
Calling WebCore::SharedBuffer::append(data, 0) on a shared buffer when
its current position is at a segment boundary (4096) ends up adding an
unitialized segment (with uninitialized memory) to the SharedBuffer.
https://bugs.webkit.org/show_bug.cgi?id=99000
Reviewed by Adam Barth.
* platform/SharedBuffer.cpp:
(WebCore::SharedBuffer::append):
2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r131110
2012-10-11 Adam Barth <abarth@webkit.org>
Incorrect/Illegal static cast in FrameView.cpp
https://bugs.webkit.org/show_bug.cgi?id=98943
Reviewed by Eric Seidel.
HTMLFrameElementBase is the common base class for <frame> and <iframe>.
* page/FrameView.cpp:
(WebCore::FrameView::init):
2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r129583
2012-09-25 Justin Schuh <jschuh@chromium.org>
Mask RenderArena freelist entries.
https://bugs.webkit.org/show_bug.cgi?id=97494
Reviewed by Julien Chaffraix.
This is a mitigation for freelist spraying. See http://download.crowdstrike.com/papers/hes-exploiting-a-coalmine.pdf.
No new tests. This is a hardening measure. Found no measurable performance impact with Dromaeo.
* rendering/RenderArena.cpp:
(MaskPtr):
(WebCore::RenderArena::allocate):
(WebCore::RenderArena::free):
2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r129186
2012-09-20 Levi Weintraub <leviw@chromium.org>
Prevent reading stale data from InlineTextBoxes
https://bugs.webkit.org/show_bug.cgi?id=94750
Reviewed by Abhishek Arya.
Text from dirty InlineTextBoxes should never be read or used. This change
enforces this design goal by forcefully zero-ing out the start and length
of InlineTextBoxes when they're being marked dirty. Ideally, we'd also
add asserts to the accessors for this data, but there are still several
places in editing that cause this. https://bugs.webkit.org/show_bug.cgi?id=97264
tracks these cases.
This change involves making markDirty virtual. Running the line-layout
performance test as well as profiling resizing the html5 spec showed
negligable impact with this change.
No new tests as this doesn't change any proper behavior.
* dom/Position.cpp:
(WebCore::Position::downstream): Adding a FIXME.
* rendering/InlineBox.h:
(WebCore::InlineBox::markDirty): Marking virtual to allow InlineTextBox to
overload and zero out its start and length.
* rendering/InlineTextBox.cpp:
(WebCore::InlineTextBox::markDirty): Zeroing out the start and length when
we mark the box dirty.
* rendering/InlineTextBox.h:
* rendering/RenderText.cpp:
(WebCore::RenderText::setTextWithOffset): Adding a FIXME.
2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r128524
2012-09-13 Tom Sepez <tsepez@chromium.org>
ASSERT(!eventDispatchForbidden()) fires when removed plugin re-inserted as part of readyStateChange.
https://bugs.webkit.org/show_bug.cgi?id=93639
Reviewed by Ryosuke Niwa.
Removing a plugin causes a detach which can cancel the last remaining load on a page,
resulting in a readyStateChange event during a time when things are inconsisent. Defer
the detach which triggers this chain of events until after the node is fully removed
from the document's elementsById map.
Test: plugins/plugin-remove-readystatechange.html
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::removeChild):
(WebCore::ContainerNode::removeChildren):
2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r126063
2012-08-20 Ken Buchanan <kenrb@chromium.org>
Line boxes not being dirtied correctly during inline removal
https://bugs.webkit.org/show_bug.cgi?id=93156
Reviewed by David Hyatt.
When two inline objects were being removed from different lineboxes
in an ancestral RenderBlock, the way the RenderBlock was being marked
prevented the second linebox from being marked dirty. This causes
it to not get layout in the subsequent layout pass.
This patch causes only the descendants corresponding to actual changed
lineboxes to have their ancestorLineBoxDirty bit set, rather than
the RenderBlock that contains the lineboxes themselves.
* rendering/RenderLineBoxList.cpp:
(WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):
2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r124229
2012-07-31 Antti Koivisto <antti@apple.com>
Crash in FrameLoader::checkLoadComplete with non-browser client app
https://bugs.webkit.org/show_bug.cgi?id=92774
Reviewed by Alexey Proskuryakov..
Speculative fix. It is possible that CSSFontSelector could get deleted during the timer callback
and memory reused, making m_document point to some garbage when it is tested at the end.
* css/CSSFontSelector.cpp:
(WebCore::CSSFontSelector::beginLoadTimerFired):
2013-03-12 Lucas Forschler <lforschler@apple.com>
Merge r123145
2012-07-19 Erik Arvidsson <arv@chromium.org>
Window top should not be replaceable
https://bugs.webkit.org/show_bug.cgi?id=91755
Reviewed by Adam Barth.
Window top is readonly and unforgable and should not be replaceable.
http://www.whatwg.org/specs/web-apps/current-work/multipage/browsers.html#the-window-object
This change brings JSC inline with all other browsers.
No new tests. Modified existing tests.
* page/DOMWindow.idl:
2013-03-07 Lucas Forschler <lforschler@apple.com>
Merge r145013
2013-03-06 Abhishek Arya <inferno@chromium.org>
Crash in SVGViewSpec::viewTarget
https://bugs.webkit.org/show_bug.cgi?id=111648
Reviewed by Philip Rogers.
* svg/SVGViewSpec.cpp:
(WebCore::SVGViewSpec::viewTarget):
2013-03-01 Brady Eidson <beidson@apple.com>
Merge 143815
2013-02-22 Anders Carlsson <andersca@apple.com>
pluginLoadStrategy should take a WKDictionaryRef for extensibility
https://bugs.webkit.org/show_bug.cgi?id=110656
<rdar://problem/13265303>
Reviewed by Jessie Berlin.
Export a symbol needed by WebKit2.
* WebCore.exp.in:
2013-01-30 Lucas Forschler <lforschler@apple.com>
Merge r138606
2013-01-01 Dan Bernstein <mitz@apple.com>
<rdar://problem/12942239> Update copyright strings
Reviewed by Sam Weinig.
* Info.plist:
2012-12-12 Lucas Forschler <lforschler@apple.com>
Merge r137393
2012-12-11 Tim Horton <timothy_horton@apple.com>
-webkit-svg-shadow radius changes don't cause children's boundaries to be recomputed
https://bugs.webkit.org/show_bug.cgi?id=104722
<rdar://problem/12821080>
Reviewed by Simon Fraser.
Changes to -webkit-svg-shadow currently cause a relayout of the directly affected renderer
and its parents, but not its children. However, children have the shadow radius
baked into their cached boundaries, so these need to be invalidated.
Test: svg/repaint/repaint-webkit-svg-shadow-container.html
* rendering/RenderObject.h: Expose needsBoundariesUpdate().
* rendering/svg/RenderSVGContainer.h: Expose needsBoundariesUpdate().
* rendering/svg/RenderSVGImage.h: Expose needsBoundariesUpdate().
* rendering/svg/RenderSVGRoot.h: Expose needsBoundariesUpdate().
* rendering/svg/RenderSVGShape.h: Expose needsBoundariesUpdate().
* rendering/svg/SVGRenderSupport.cpp:
(WebCore::SVGRenderSupport::layoutChildren): If the renderer has a shadow and
is in needs of a boundaries update, mark children as needing boundaries updates too.
2012-11-29 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12781055>
Merge r136174
2012-11-29 Simon Fraser <simon.fraser@apple.com>
Avoid painting lots of small rects in WebLayer painting
https://bugs.webkit.org/show_bug.cgi?id=103673
Reviewed by Tim Horton.
r109186 added code in drawLayerContents() to enumerate over the rects in
the CALayer's dirty region, and paint them individually. This was done
to help performance on the IE Maze Solver test.
On large, complex pages like Facebook, the overhead of traversing the
RenderLayer tree for painting is such that it's better to paint a single,
or fewer rects rather than lots of little ones.
So adopt a heuristic similar to that in DrawingArea, where if the
combined area of the small rects is 75% or more of the combined rect,
just paint the combined rect. Also paint the combined rect if there
are more than 5 individual rects.
I verified that this preserves the optimization for IE Maze Solver.
* platform/graphics/mac/WebLayer.mm:
(drawLayerContents):
2012-11-28 Lucas Forschler <lforschler@apple.com>
Windows build fix after r134704.
* WebCore.vcproj/WebCore.vcproj:
2012-11-28 Lucas Forschler <lforschler@apple.com>
Merge r135992
2012-11-28 Roger Fong <roger_fong@apple.com>
Initialize identity matrix in SimpleFontData::initGDIFont() properly.
https://bugs.webkit.org/show_bug.cgi?id=103499
<rdar://problem/12400700>
Reviewed by Timothy Horton.
We are incorrectly initializing the matrix passed into GetGlyphOutline.
This patch fixes MAT2 initialization to match the way we initialize the
identity matrix in SimpleFontData::boundsForGDIGlyph and SimpleFontData::widthForGDIGlyph.
* platform/graphics/win/SimpleFontDataWin.cpp:
(WebCore::SimpleFontData::initGDIFont):
2012-11-28 Lucas Forschler <lforschler@apple.com>
Merge r119546
2012-06-05 Stephanie Lewis <slewis@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=88370
Memory sampler should trigger low memory signal
Reviewed by Geoff Garen.
No new tests. Verify by running stress test which crashes
in a few minutes without the fix.
Fix assumption in block code. We could get in a state where timer_event_source
had already been released before the block ran.
* platform/mac/MemoryPressureHandlerMac.mm:
(WebCore::MemoryPressureHandler::holdOff):
2012-11-27 Lucas Forschler <lforschler@apple.com>
Merge r133338
2012-11-02 Anders Carlsson <andersca@apple.com>
Add a PluginInactive plug-in unavailability reason
https://bugs.webkit.org/show_bug.cgi?id=101089
Reviewed by Sam Weinig.
This is to be used by Mac WebKit and WebKit2 shortly.
* English.lproj/Localizable.strings:
* platform/LocalizedStrings.cpp:
(WebCore::inactivePluginText):
(WebCore):
* platform/LocalizedStrings.h:
(WebCore):
* platform/blackberry/LocalizedStringsBlackBerry.cpp:
(WebCore::inactivePluginText):
(WebCore):
* platform/efl/LocalizedStringsEfl.cpp:
(WebCore::inactivePluginText):
(WebCore):
* platform/gtk/LocalizedStringsGtk.cpp:
(WebCore::inactivePluginText):
(WebCore):
* platform/qt/LocalizedStringsQt.cpp:
(WebCore::inactivePluginText):
(WebCore):
* rendering/RenderEmbeddedObject.cpp:
(WebCore::unavailablePluginReplacementText):
* rendering/RenderEmbeddedObject.h:
2012-11-27 Lucas Forschler <lforschler@apple.com>
<rdar://problem/12704510>
Merge r134666
2012-11-14 Mark Lam <mark.lam@apple.com>
Fixed regressions due to adding JSEventListener::m_wrapper null checks.
https://bugs.webkit.org/show_bug.cgi?id=102183.
Reviewed by Geoffrey Garen.
Fixed JSEventListener::operator==() to work within the contract that
when m_wrapper is 0, m_jsFunction is also expected to be 0. Also fixed
some typos in comments.
No new tests.
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::visitJSFunction):
(WebCore::JSEventListener::operator==):
* bindings/js/JSEventListener.h:
(WebCore::JSEventListener::jsFunction):
2012-11-27 Lucas Forschler <lforschler@apple.com>
<rdar://problem/12696290>
Merge r134495
2012-11-13 Mark Lam <mark.lam@apple.com>
JSEventListener should not access m_jsFunction when its wrapper is gone.
https://bugs.webkit.org/show_bug.cgi?id=101985.
Reviewed by Geoffrey Garen.
Added a few null checks for m_wrapper before we do anything with m_jsFunction.
No new tests.
* bindings/js/JSEventListener.cpp:
(WebCore::JSEventListener::initializeJSFunction):
- Removed a now invalid assertion. m_wrapper is expected to have a
valid non-zero value when jsFunction is valid. However, in the case
of JSLazyEventListener (which extends JSEventListener), m_wrapper is
initially 0 when m_jsFunction has not been realized yet. When
JSLazyEventListener::initializeJSFunction() realizes m_jsFunction,
it will set m_wrapper to an appropriate wrapper object.
For this reason, JSEventListener::jsFunction() cannot do the null
check on m_wrapper until after the call to initializeJSFunction.
This, in turns, means that in the case of the non-lazy
JSEventListener, initializeJSFunction() will also be called, and
if the GC has collected the m_wrapper but the JSEventListener has
not been removed yet, it is possible to see a null m_wrapper while
m_jsFunction contains a non-zero stale value.
Hence, this assertion of (m_wrapper || !m_jsFunction) in
JSEventListener::initializeJSFunction() is not always true and
should be removed.
(WebCore::JSEventListener::visitJSFunction):
(WebCore::JSEventListener::operator==):
* bindings/js/JSEventListener.h:
(WebCore::JSEventListener::jsFunction):
2012-11-26 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12755408>
Merge r135080
2012-11-18 Simon Fraser <simon.fraser@apple.com>
Make convertToLayerCoords iterative, rather than recursive
https://bugs.webkit.org/show_bug.cgi?id=102618
Reviewed by Antti Koivisto.
RenderLayer::convertToLayerCoords() is a hot function on profiles.
Change it to be iterative, rather than recursive, so that the
bulk of the function can be inlined.
Was tested with assertions against the old code during development.
* rendering/RenderLayer.cpp:
(WebCore::accumulateOffsetTowardsAncestor):
(WebCore::RenderLayer::convertToLayerCoords):
2012-11-26 Lucas Forschler <lforschler@apple.com>
Merge r134327
2012-11-12 Roger Fong <roger_fong@apple.com>
Web Inspector: Fix docking behaviour on Windows.
https://bugs.webkit.org/show_bug.cgi?id=101978
Reviewed by Brian Weinstein.
There are a number of problems with docking behaviour on Windows.
For starters, it does not ever constrain the inspector's size properly while docked.
It also does not properly set the whether or not the inspector can be docked/undocked.
This patch fixes both issues.
* inspector/InspectorFrontendClientLocal.cpp:
(WebCore::InspectorFrontendClientLocal::frontendLoaded):
Switch order of calling bringToFront and setDockingUnavailable.
2012-11-26 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12751360>
Merge r135746
2012-11-26 Simon Fraser <simon.fraser@apple.com>
Optimize layer updates after scrolling
https://bugs.webkit.org/show_bug.cgi?id=102635
Reviewed by Sam Weinig.
updateLayerPositionsAfterScroll() previously unconditionally cleared clip
rects, and recomputed repaint rects too often. Recomputing both of these
can be very expensive, as they involve tree walks up to the root.
We can optimize layer updates after document scrolling by only clearing clip
rects, and recomputing repaint rects, if we encounter a fixed- or sticky-position
element. For overflow scroll, we have to clear clip rects and recompute repaint rects.
* page/FrameView.cpp:
(WebCore::FrameView::repaintFixedElementsAfterScrolling): Call updateLayerPositionsAfterDocumentScroll().
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateLayerPositions): Call clearClipRects() because
updateLayerPosition() no longer does.
(WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll): Version of updateLayerPositionsAfterScroll()
that is for document scrolls. It has no need to push layers to the geometry map.
(WebCore::RenderLayer::updateLayerPositionsAfterOverflowScroll): Pushes layers to the geometry map,
and calls updateLayerPositionsAfterScroll() with the IsOverflowScroll flag.
(WebCore::RenderLayer::updateLayerPositionsAfterScroll): Set the HasChangedAncestor flag
if our location changed, and use that as a hint to clear cached rects. Be more conservative
than before about when to clear cached clip rects.
(WebCore::RenderLayer::updateLayerPosition): Move responsibility for calling
clearClipRects() ouf of this function and into callers.
(The one caller outside RenderLayer will be removed via bug 102624).
Return a bool indicating whether our position changed.
(WebCore::RenderLayer::scrollTo): Call updateLayerPositionsAfterOverflowScroll().
(WebCore::RenderLayer::updateClipRects): Added some #ifdeffed out code that is useful
to verify that cached clips are correct; it's too slow to leave enabled in debug builds.
* rendering/RenderLayer.h:
(WebCore::RenderLayer::setLocation): Change to take a LayoutPoint, rather than separate
x and y.
2012-11-26 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12753059>
Merge r135025
2012-11-12 Simon Fraser <simon.fraser@apple.com>
Eliminate ancestor tree walk computing outlineBoundsForRepaint() when updating layer positions
https://bugs.webkit.org/show_bug.cgi?id=101874
Reviewed by Dave Hyatt.
RenderLayer::updateLayerPositions() and updateLayerPositionsAfterScroll() spend a
lot of time in computeRepaintRects(), which does two ancestor tree walks, once
for clippedOverflowRectForRepaint(), and one for outlineBoundsForRepaint().
Eliminate the ancestor tree walk in outlineBoundsForRepaint() by maintaining
a RenderGeometryMap as we traverse the layer tree, and then using it to map
the outline bounds to the repaint container. Replace the hokey cached offsetFromRoot
now that the RenderGeometryMap can do a better job.
The clipped overflow rect cannot be mapped simply, so cannot yet make use of
the geometry map.
Modify the RenderGeometryMap to support mapping to some repaintContainer ancestor.
Add a RenderObject walk that is necessary to detect flipped writing mode blocks.
Pass the RenderGeometryMap as an optional parameter to outlineBoundsForRepaint.
* page/FrameView.cpp:
(WebCore::FrameView::layout): Make a RenderGeometryMap and pass it down
to updateLayerPositions(). For partial layouts, we have to push layers
between the root and the enclosing layer of the layout subtree.
The geometry map used for repainting does not use SnapOffsetForTransforms,
so initialize it explicitly with just the UseTransforms flag.
(WebCore::FrameView::repaintFixedElementsAfterScrolling): Make a RenderGeometryMap
to pass along to updateLayerPositionsAfterScroll().
* rendering/RenderBox.cpp:
(WebCore::RenderBox::outlineBoundsForRepaint): Replace the optional cachedOffsetToRepaintContainer
parameter with an optional RenderGeometryMap, and it use to map the compute rect to
repaintContainer coordinates.
* rendering/RenderBox.h:
* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::RenderGeometryMap): This now has to store the mapping
flags to use, so that its behavior can match that of mapLocalToContainer(). The
pertinent flag is the confusingly named SnapOffsetForTransforms.
(WebCore::RenderGeometryMap::absolutePoint): Call the new mapToContainer() with
a null container.
(WebCore::RenderGeometryMap::absoluteRect): Ditto.
(WebCore::RenderGeometryMap::mapToContainer): Map to the supplied container,
asserting that we found it. Add point- and rect-based mapping methods
akin to the old absoluteRect/absolutePoint.
(WebCore::canMapViaLayer): We need to test for isRenderFlowThread() here too.
(WebCore::RenderGeometryMap::pushMappingsToAncestor): When mapping via
layers, ensure that the RenderView is pushed as the first step.
* rendering/RenderGeometryMap.h:
(RenderGeometryMap):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateLayerPositionsAfterLayout): New wrapper for updateLayerPositions()
that makes the geometry map.
(WebCore::RenderLayer::updateLayerPositionsAfterScroll): New wrapper for updateLayerPositionsAfterScroll
that makes the geometry map.
(WebCore::RenderLayer::updateLayerPositions): Now takes an optional RenderGeometryMap.
Remove the old offsetFromRoot code. Push and pop layers to/from the geometry map. Use
the geometry map to get the offsetFromRoot as needed by overflow controls. Pass
it to computeRepaintRects().
(WebCore::RenderLayer::computeRepaintRects): Pass the geometry map to outlineBoundsForRepaint().
(WebCore::RenderLayer::updateLayerPositionsAfterScroll): Push and pop to/from the
geometry map, and pass it to computeRepaintRects().
(WebCore::RenderLayer::removeOnlyThisLayer): Remove the offsetFromRootBeforeMove
computation; this could use a geometry map in future if it is shown to be a bottleneck.
* rendering/RenderLayer.h:
(WebCore::RenderLayer::canUseConvertToLayerCoords): It was thought that the isComposited()
was there because the older cached offsetFromRoot logic was sensitive to compositing,
but convertToLayerCoords() is not affected by compositing so this check is not needed,
and actually harmful.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::OverlapMap::OverlapMap): The geometry map
used for overlap testing should not use SnapOffsetForTransforms, so initialize
it explicitly with just the UseTransforms flag.
* rendering/RenderObject.h:
(WebCore::RenderObject::outlineBoundsForRepaint):
* rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::outlineBoundsForRepaint):
* rendering/svg/RenderSVGModelObject.h:
(RenderSVGModelObject):
2012-11-26 Lucas Forschler <lforschler@apple.com>
Merge r133834
2012-11-07 Tim Horton <timothy_horton@apple.com>
Repaint issues with -webkit-svg-shadow used on a container
https://bugs.webkit.org/show_bug.cgi?id=65643
<rdar://problem/7600532>
Reviewed by Simon Fraser.
SVG renderer repaint rects are currently expanded only by the shadow of
the renderer itself; however, the area they need to repaint can be larger
than that, if their parents also have shadows. We need to take into account
parent's shadows (respecting transforms, as well).
clippedOverflowRectForRepaint already recurses upwards through the render tree,
and ends up with a rect in layout coordinates, so we manually apply the shadow
at each step (repaintRectInLocalCoordinatesExcludingSVGShadow was added to allow
us to get the raw repaint rect without the shadow baked-in).
repaintRectInLocalCoordinates now includes shadows from all parents.
Also, RenderSVGRoot was clipping repaint rects to the viewport before applying
shadows, so offscreen elements with on-screen shadows (applied by the root) would not paint the shadows.
We can just swap the order of these things to correct this.
Tests: svg/css/parent-shadow-offscreen.svg, svg/css/root-shadow-offscreen.svg, svg/repaint/repaint-webkit-svg-shadow.svg
* rendering/RenderObject.cpp:
(WebCore::RenderObject::addChild): Mark the child being added as having an SVG shadow if it is being added as a child of an element that does.
(WebCore::RenderObject::styleDidChange): Mark the child being added as having an SVG shadow if its new style has a shadow.
* rendering/svg/RenderSVGImage.cpp:
(WebCore::RenderSVGImage::layout): Cache the repaint rect before intersecting it with the shadow.
* rendering/svg/RenderSVGImage.h:
(WebCore::RenderSVGImage::repaintRectInLocalCoordinatesExcludingSVGShadow): Return the cached repaint rect for the renderer without the shadow included.
* rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::RenderSVGModelObject): Renderers do not have a shadow by default.
* rendering/svg/RenderSVGModelObject.h:
(WebCore::RenderSVGModelObject::repaintRectInLocalCoordinatesExcludingSVGShadow): Return the cached repaint rect for the renderer without the shadow included.
(WebCore::RenderSVGModelObject::hasSVGShadow): Return whether or not the renderer has a shadow.
(WebCore::RenderSVGModelObject::setHasSVGShadow): Set whether or not the renderer has a shadow.
* rendering/svg/RenderSVGRoot.cpp:
(WebCore::RenderSVGRoot::RenderSVGRoot):
(WebCore::RenderSVGRoot::computeFloatRectForRepaint): Apply the shadow before clipping to the viewport, so we draw shadows for elements outside the viewport.
(WebCore::RenderSVGRoot::updateCachedBoundaries): Cache the repaint rect before intersecting it with the shadow.
* rendering/svg/RenderSVGRoot.h:
(WebCore::RenderSVGRoot::hasSVGShadow): Return whether or not the renderer has a shadow.
(WebCore::RenderSVGRoot::setHasSVGShadow): Set whether or not the renderer has a shadow.
(WebCore::RenderSVGRoot::repaintRectInLocalCoordinatesExcludingSVGShadow): Return the cached repaint rect for the renderer without the shadow included.
* rendering/svg/RenderSVGShape.cpp:
(WebCore::RenderSVGShape::updateRepaintBoundingBox): Cache the repaint rect before intersecting it with the shadow.
* rendering/svg/RenderSVGShape.h:
(WebCore::RenderSVGShape::repaintRectInLocalCoordinatesExcludingSVGShadow): Return the cached repaint rect for the renderer without the shadow included.
* rendering/svg/SVGRenderSupport.cpp:
(WebCore::SVGRenderSupport::repaintRectForRendererInLocalCoordinatesExcludingSVGShadow): Return the cached repaint rect for the renderer without the shadow included.
(WebCore::SVGRenderSupport::clippedOverflowRectForRepaint): Apply shadows as we walk through our parents, instead of only applying the renderer's own shadow.
(WebCore::SVGRenderSupport::rendererHasSVGShadow): Return whether or not the renderer has a shadow.
(WebCore::SVGRenderSupport::setRendererHasSVGShadow): Set whether or not the renderer has a shadow.
(WebCore::SVGRenderSupport::intersectRepaintRectWithShadows): Walk through the element's parents, adding shadows to the repaint rect as we go, eventually
transforming the repaint rect back into local coordinates.
(WebCore::SVGRenderSupport::intersectRepaintRectWithResources): Don't add shadows by default, just other resources, so that we can cache repaint rects with and without shadows.
* rendering/svg/SVGRenderSupport.h:
2012-11-26 Lucas Forschler <lforschler@apple.com>
Merge r132924
2012-10-30 Dan Bernstein <mitz@apple.com>
<rdar://problem/12395187> REGRESSION (r121299): OS X Text Replacement forces cursor out of text fields
https://bugs.webkit.org/show_bug.cgi?id=100768
Reviewed by Anders Carlsson.
r121299 introduced code to restore the paragraph range by saving its length and start offset
relative to the document. The latter was obtained by iterating over the range starting at
the beginning of the document and ending at the beginning of the paragraph range. However,
such a range could not be constructed if the paragraph range was contained in a shadow DOM,
since a range must have both its endpoints within the same shadow tree (or not in a shadow
tree).
Test: platform/mac/editing/spelling/autocorrection-in-textarea.html
* editing/Editor.cpp:
(WebCore::Editor::markAndReplaceFor): Changed paragraphStartIndex to be relative to the
root container of paragraphRange, using the same logic used by
checkForDifferentRootContainer() in Range.cpp.
2012-11-18 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12726004> Chopin: Don't say there are dirty overlay scrollbars when they are clipped out (102609)
Merge r135064
2012-11-17 Simon Fraser <simon.fraser@apple.com>
Don't say there are dirty overlay scrollbars when they are clipped out
https://bugs.webkit.org/show_bug.cgi?id=102609
Reviewed by Brady Eidson.
Painting overlay scrollbars involves a second painting pass over the entire
RenderLayer subtree for a compositing layer, which can be very expensive.
Avoid this when possible by detecting when overflow controls are not in
the damage rect.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::rectForHorizontalScrollbar): Compute a local rect
for the horizontal scrollbar.
(WebCore::RenderLayer::rectForVerticalScrollbar): Compute a local rect
for the vertical scrollbar.
(WebCore::RenderLayer::positionOverflowControls): Use rectForHorizontalScrollbar()
and rectForVerticalScrollbar().
(WebCore::RenderLayer::overflowControlsIntersectRect): Return true if any
of the present overflow controls intersect the given local rect.
(WebCore::RenderLayer::paintOverflowControls): Bail if the damage rect
doesn't intersect any of the overflow controls.
* rendering/RenderLayer.h:
(RenderLayer):
2012-11-18 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12725998> Simplify bounds computation for the RenderView's layer (102597)
Merge r135059
2012-11-17 Simon Fraser <simon.fraser@apple.com>
Simplify bounds computation for the RenderView's layer
https://bugs.webkit.org/show_bug.cgi?id=102597
Reviewed by Anders Carlsson.
Computing the bounds of the main layer (that of the RenderView) used to do
a full RenderLayer walk, taking the union of the bounds of all the sublayers,
which is very expensive on large pages.
For the RenderView we can avoid that entirely and just use the RenderView's
document rect. Since page scaling happens as a transform on this layer,
we want the unscaled document rect.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateLayerBounds):
2012-11-18 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12725980> Fix overlay scrollbar painting in compositing layers (102442)
Merge r135029
2012-11-16 Simon Fraser <simon.fraser@apple.com>
Fix overlay scrollbar painting in compositing layers
https://bugs.webkit.org/show_bug.cgi?id=102442
Reviewed by Beth Dakin.
There were two issues with overlay scrollbar painting in
compositing layers.
First, we'd only ever call setContainsDirtyOverlayScrollbars()
on the RenderView's layer, even when encountering an overlay scrollbar
in some descendant compositing layer. This meant that we'd never
run the paintOverlayScrollbars() code for those child compositing
layers, so sometimes scrollbars were missing there.
Even after fixing that, we would fail to render scrollbars that
were not in the composited RenderLayer itself. This happened because
we called into RenderLayer::paintOverlayScrollbars(), which called
paintLayer() with flags that only said to paint the overlay scrollbars
but not any descendants, so this paint path would not walk child
RenderLayers.
Also remove the containsScrollableAreaWithOverlayScrollbars() flag on
ScrollView which is no longer used.
* platform/ScrollView.cpp:
(WebCore::ScrollView::ScrollView): Remove containsScrollableAreaWithOverlayScrollbars().
(WebCore::ScrollView::paint): Remove setting of m_containsScrollableAreaWithOverlayScrollbars.
* platform/ScrollView.h:
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintOverflowControls): Call setContainsDirtyOverlayScrollbars()
on the compositing ancestor or the root.
Remove call to setContainsScrollableAreaWithOverlayScrollbars().
(WebCore::RenderLayer::paintOverlayScrollbars): When painting overlay
scrollbars, no need to say we have transparency, and no need to use
temporary clip rects.
(WebCore::RenderLayer::paintLayer): The PaintLayerPaintingOverlayScrollbars
check here was only needed because the compositing entrypoint to painting
overlay scrollbars went via paintLayer(), which isn't normally used as
a composited painting entry point. Now that we no longer call that, we
don't need this special check.
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::paintIntoLayer): Jump into overlay scrollbar
painting via paintLayerContents(), not paintOverlayScrollbars(), since
the latter does not traverse sublayers.
2012-11-18 Simon Fraser <simon.fraser@apple.com>
Prerequisite for <rdar://problem/12725980> Fix overlay scrollbar painting in compositing layers (102442)
Merge r127943
2012-09-07 Simon Fraser <simon.fraser@apple.com>
box-shadow causes overlay scrollbars to be in the wrong position when element is composited
https://bugs.webkit.org/show_bug.cgi?id=85647
Reviewed by James Robinson.
The code that positioned the GraphicsLayers for scrollbars failed to take
into account any offset between the origin of the compositing layer,
and the renderer. This caused scrollbar layers to be misplaced or hidden
on layers with, for example, box-shadows.
Also moved the code that positions the scrollbar layers into RendderLayerBacking,
since this is where all the rest of the GraphicsLayer-positioning code lives.
Renamed an "offsetFromLayer" param to "offsetFromRoot" which is more accurate.
Manual test, since overlay scrollbars are not enabled in DRT/WTR:
ManualTests/scrollbars/scrollbars-in-composited-layers.html
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::positionOverflowControls):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::positionOverflowControlsLayers):
* rendering/RenderLayerBacking.h:
(RenderLayerBacking):
2012-11-16 Andy Estes <aestes@apple.com>
Fix the Mountain Lion build after r135007.
* bindings/js/JSDesktopNotificationsCustom.cpp:
(WebCore::JSNotificationCenter::requestPermission):
2012-11-16 Lucas Forschler <lforschler@apple.com>
Merge r131779
2012-10-18 Jer Noble <jer.noble@apple.com>
Add diagnostic logging to track per-page media engine usage.
https://bugs.webkit.org/show_bug.cgi?id=99615
<rdar://problem/12476473>
Reviewed by Eric Carlson.
Add diagnostic logging triggered only once-per-page and once-per-page-per-engine.
* html/HTMLMediaElement.cpp:
(WebCore::logMediaLoadRequest): Encapsulate diagnostic logging into single static method.
(WebCore::HTMLMediaElement::mediaLoadingFailed): Call logMediaLoadRequest.
(WebCore::HTMLMediaElement::setReadyState): Ditto.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::dispatchDidCommitLoad): Reset the set of seen media engines.
Add new methods to Page to track per-page media engine diagnostic info, similar to plugin diagnostic info.
* page/Page.cpp:
(WebCore::Page::hasSeenAnyMediaEngine):
(WebCore::Page::hasSeenMediaEngine):
(WebCore::Page::sawMediaEngine):
(WebCore::Page::resetSeenMediaEngines):
* page/Page.h:
Add new static logging key definitions:
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::pageContainsMediaEngineKey):
(WebCore::DiagnosticLoggingKeys::pageContainsAtLeastOneMediaEngineKey):
* page/DiagnosticLoggingKeys.h:
2012-11-16 Lucas Forschler <lforschler@apple.com>
Merge r131280
2012-10-14 Jon Lee <jonlee@apple.com>
Allow notification origin permission request when no js callback is provided
https://bugs.webkit.org/show_bug.cgi?id=63615
<rdar://problem/11059590>
Reviewed by Sam Weinig.
Instead of throwing a type error when no callback is provided, we pass a null callback.
Test: http/tests/notifications/legacy/request-no-callback.html
* bindings/js/JSDesktopNotificationsCustom.cpp:
(WebCore::JSNotificationCenter::requestPermission):
2012-11-16 Lucas Forschler <lforschler@apple.com>
Merge r130565
2012-10-05 Tim Horton <timothy_horton@apple.com>
[cg] GraphicsContextCG should ask CG whether the shadow offset workaround is required
https://bugs.webkit.org/show_bug.cgi?id=98565
<rdar://problem/12436468>
Reviewed by Simon Fraser.
On Mountain Lion and above, CG can tell us whether we need to work around incorrect
shadow offsets. Prior to Mountain Lion, we should assume we need to apply the workaround.
No new tests, as this requires an obscure configuration to test.
* WebCore.exp.in:
* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::applyShadowOffsetWorkaroundIfNeeded):
(WebCore::GraphicsContext::setPlatformShadow):
* platform/mac/WebCoreSystemInterface.h: Add wkCGContextDrawsWithCorrectShadowOffsets.
* platform/mac/WebCoreSystemInterface.mm: Add wkCGContextDrawsWithCorrectShadowOffsets.
2012-11-16 Lucas Forschler <lforschler@apple.com>
Merge r134903
2012-11-15 Jer Noble <jer.noble@apple.com>
Crash at WebCore::PluginData::pluginFileForMimeType const + 38
https://bugs.webkit.org/show_bug.cgi?id=102454
Reviewed by Dan Bernstein.
NULL-check the return value of Page::pluginData().
* loader/SubframeLoader.cpp:
(WebCore::logPluginRequest):
2012-11-15 Andy Estes <aestes@apple.com>
Merge r130266.
2012-10-03 Dominic Mazzoni <dmazzoni@google.com>
AX: Heap-use-after-free when deleting a ContainerNode with an AX object
https://bugs.webkit.org/show_bug.cgi?id=98073
Reviewed by Hajime Morita.
Calls axObjectCache()->remove(this) in ~ContainerNode so that the AX tree
doesn't try to access the container node while walking up the parent chain
from one of the container node's children.
Test: accessibility/container-node-delete-causes-crash.html
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::~ContainerNode):
* dom/Node.cpp:
(WebCore::Node::~Node):
* dom/Node.h:
(WebCore::Node::document):
(WebCore::Node::documentInternal):
2012-11-15 Andy Estes <aestes@apple.com>
Merge r116629 and r127534.
2012-09-04 Sergey Glazunov <serg.glazunov@gmail.com>
Frame element doesn't always unload its child frame.
https://bugs.webkit.org/show_bug.cgi?id=94717
Reviewed by Hajime Morita.
It's possible for a frame element that has been removed from the document
to retain an active child frame. This inconsistent state may become a source
of security vulnerabilities.
The patch adds a global HashSet to store the nodes currently processed by
ChildFrameDisconnector. Insertion into these nodes' subtrees is not allowed until
the processing is complete.
Also, the ChildFrameDisconnector call in removeChild(ren) is now immediately
followed by the actual removal.
Test: fast/frames/out-of-document-iframe-has-child-frame.html
* dom/ContainerNode.cpp:
(WebCore::willRemoveChildren): Move the ChildFrameDisconnector call out of a loop.
(WebCore::ContainerNode::removeChild): Rearrange some event firing code.
(WebCore::ContainerNode::removeChildren): Ditto.
* dom/ContainerNodeAlgorithms.cpp:
(WebCore::ChildFrameDisconnector::collectDescendant): Pass a new parameter to collectDescendant(Node*).
* dom/ContainerNodeAlgorithms.h:
(WebCore::ChildFrameDisconnector::ChildFrameDisconnector):
(ChildFrameDisconnector): Maintain a list of nodes that have an active ChildFrameDisconnector.
(WebCore::ChildFrameDisconnector::~ChildFrameDisconnector):
(WebCore::ChildFrameDisconnector::rootNodes):
(WebCore::ChildFrameDisconnector::collectDescendant): Add ShouldIncludeRoot parameter.
(WebCore::ChildFrameDisconnector::nodeHasDisconnector):
(WebCore):
* dom/Node.cpp:
(WebCore::checkAcceptChild): Reject a parent node if it or one of its parents has an active ChildFrameDisconnector.
* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions): Check if an element is still in the document.
2012-05-10 MORITA Hajime <morrita@google.com>
Remove support for Node::willRemove()
https://bugs.webkit.org/show_bug.cgi?id=55209
Reviewed by Ryosuke Niwa.
This change de-virtualizes Node::willRemove(), gains
5% speedup on Dromaeo dom-modify.
Originally there were 5 willRemove() overrides:
- Element
- HTMLStyleElement
- HTMLSourceElement
- HTMLTrackElement
- HTMLFrameOwnerElement
For first 4 items, this change moves their implementations to
Node::removedFrom() overrides.
Then HTMLFrameOwnerElement is the only class which needs the
notification. Because it emits the "unload" event, it needs some
notification _before_ its removal. To handle that, this change
introduces ChildFrameDisconnector which collects
corresponding decendant elements and disconnect their content frame.
Even though this approach doesn't kill pre-removal tree traversal
completely, it's a bit more efficient due to the de-virtualization.
No new tests. Covered by existing test.
* dom/ContainerNode.cpp:
(WebCore::willRemoveChild): Replaced willRemove() call with ChildFrameDisconnector.
(WebCore::willRemoveChildren): Ditto.
(WebCore::ContainerNode::disconnectDescendantFrames): Added. Used from FrameLoader to replace Document::willRemove() call.
(WebCore):
* dom/ContainerNode.h:
(ContainerNode):
* dom/ContainerNodeAlgorithms.cpp:
(WebCore::ChildFrameDisconnector::collectDescendant):
(WebCore):
(WebCore::ChildFrameDisconnector::Target::disconnect):
* dom/ContainerNodeAlgorithms.h:
(ChildFrameDisconnector):
(Target):
(WebCore::ChildFrameDisconnector::Target::Target):
(WebCore::ChildFrameDisconnector::Target::isValid):
(WebCore):
(WebCore::ChildFrameDisconnector::ChildFrameDisconnector):
(WebCore::ChildFrameDisconnector::collectDescendant):
(WebCore::ChildFrameDisconnector::disconnect):
* dom/Element.cpp:
(WebCore::Element::removedFrom):
* dom/Element.h:
* dom/ElementShadow.cpp:
* dom/ElementShadow.h:
(ElementShadow):
* dom/Node.cpp:
* dom/Node.h: Added IsFrameOwnerElement flag to de-virtualize IsFrameOwnerElement().
(WebCore::Node::isFrameOwnerElement): De-virtualized.
(Node):
* html/HTMLElement.h:
(HTMLElement):
(WebCore::HTMLElement::HTMLElement):
* html/HTMLFrameOwnerElement.cpp:
(WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement):
(WebCore::HTMLFrameOwnerElement::disconnectContentFrame): Extracted from original willRemove().
* html/HTMLFrameOwnerElement.h:
(HTMLFrameOwnerElement):
(WebCore::toFrameOwnerElement):
(WebCore):
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::sourceWasRemoved): Renamed from sourceWillBeRemoved(), dealing with the timing change.
* html/HTMLMediaElement.h:
(HTMLMediaElement):
(WebCore::isMediaElement):
(WebCore):
(WebCore::toMediaElement):
* html/HTMLSourceElement.cpp:
(WebCore::HTMLSourceElement::removedFrom): Moved some code from willRemove().
* html/HTMLSourceElement.h:
(HTMLSourceElement):
* html/HTMLStyleElement.cpp:
(WebCore::HTMLStyleElement::removedFrom):
(WebCore):
* html/HTMLStyleElement.h:
(HTMLStyleElement):
* html/HTMLTrackElement.cpp:
(WebCore::HTMLTrackElement::removedFrom): Moved some code from willRemove().
* html/HTMLTrackElement.h:
(HTMLTrackElement):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::clear):
2012-11-15 Lucas Forschler <lforschler@apple.com>
Merge r134083
2012-11-09 Jer Noble <jer.noble@apple.com>
Plugin diagnostic logging should send plugin file basename instead of MIME type.
https://bugs.webkit.org/show_bug.cgi?id=101679
Reviewed by Eric Carlson.
Log the basename of the plugin file rather than the mime type so as to more
accurately log which plugin was used to handle the request.
* loader/SubframeLoader.cpp:
(WebCore::logPluginRequest): Log the plugin 'file' field, if present.
* plugins/PluginData.cpp:
(WebCore::PluginData::pluginInfoForMimeType): Factored out from pluginNameForMimeType.
(WebCore::PluginData::pluginNameForMimeType): Use pluginInfoForMimeType to retrieve name field.
(WebCore::PluginData::pluginFileForMimeType): Use pluginInfoForMimeType to retrieve file field.
* plugins/PluginData.h:
2012-11-15 Lucas Forschler <lforschler@apple.com>
Merge r130449
2012-10-04 Nate Chapin <japhet@chromium.org>
Crash in EventHandler::mouseMoved().
https://bugs.webkit.org/show_bug.cgi?id=98460
Reviewed by Abhishek Arya.
No new tests, this fixes fast/events/mouse-moved-remove-frame-crash.html.
* page/EventHandler.cpp:
(WebCore::EventHandler::mouseMoved):
2012-11-14 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705908> Scrolling some versions of the facebook page is very slow
Merge r134737
2012-11-14 Simon Fraser <simon.fraser@apple.com>
Don't use temporary clip rects when hit testing
https://bugs.webkit.org/show_bug.cgi?id=102329
Reviewed by Beth Dakin.
We now cache clip rects separately for painting, hit testing etc. Hit testing
clip rects are always shrunk to exclude scrollbars (so that hit testing on
the scrollbars works), so we no longer every need to use temporary clip rects
during hit testing.
Added an assertion that the scrollbar relevancy when we computed the clip rects
is the same as that when using them.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::hitTestLayer):
(WebCore::RenderLayer::updateClipRects):
* rendering/RenderLayer.h:
(WebCore::ClipRectsCache::ClipRectsCache):
(ClipRectsCache):
2012-11-14 Timothy Hatcher <timothy@apple.com>
Merge r134100
2012-10-28 Timothy Hatcher <timothy@apple.com>
Make -webkit-canvas in CSS use the full backing store instead
of always 1x when rendering.
https://bugs.webkit.org/show_bug.cgi?id=100611
Reviewed by Dean Jackson.
Test: fast/canvas/canvas-as-image-hidpi.html
* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::makePresentationCopy): Pass Unscaled to copyImage.
(WebCore::HTMLCanvasElement::copiedImage): Ditto.
* platform/graphics/ImageBuffer.h:
* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::ImageBuffer::copyImage): Added Scale parameter and use copyNativeImage for Unscaled.
* platform/graphics/cairo/ImageBufferCairo.cpp:
(WebCore::ImageBuffer::copyImage): Added unnamed ScaleBehavior parameter.
* platform/graphics/qt/ImageBufferQt.cpp:
(WebCore::ImageBuffer::copyImage): Ditto.
* platform/graphics/skia/ImageBufferSkia.cpp:
(WebCore::ImageBuffer::copyImage): Ditto.
* platform/graphics/wince/ImageBufferWinCE.cpp:
(WebCore::ImageBuffer::copyImage): Ditto.
* platform/graphics/wx/ImageBufferWx.cpp:
(WebCore::ImageBuffer::copyImage): Ditto.
2012-11-14 Timothy Hatcher <timothy@apple.com>
Merge r134099
2012-10-28 Timothy Hatcher <timothy@apple.com>
Reset the canvas backing store pixel ratio when the buffer resizes.
The backing store was not being recreated using the current page pixel ratio
when a resize occurred.
https://bugs.webkit.org/show_bug.cgi?id=100608
Reviewed by Darin Adler.
Test: fast/canvas/canvas-resize-reset-pixelRatio.html
* html/HTMLCanvasElement.cpp:
(WebCore::HTMLCanvasElement::HTMLCanvasElement): Use targetDeviceScaleFactor.
(WebCore::HTMLCanvasElement::reset): Do a clear only if the pixel ratios also
match. Store the new pixel ratio in m_deviceScaleFactor.
(WebCore::HTMLCanvasElement::targetDeviceScaleFactor): Added.
* html/HTMLCanvasElement.h:
(WebCore::HTMLCanvasElement::setSize): Return early only if the sizes and
pixel ratios match.
2012-11-14 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705731> Don't pass a paintingRoot when painting from RenderLayerBacking (102256)
Merge r134642
2012-11-14 Simon Fraser <simon.fraser@apple.com>
Don't pass a paintingRoot when painting from RenderLayerBacking
https://bugs.webkit.org/show_bug.cgi?id=102256
Reviewed by David Hyatt.
The 'paintingRoot' parameter to the RenderLayer paint functions
is used when painting just a subtree (e.g. when painting dragged
selections). There is no need to pass it when a RenderLayerBacking
paints its contents or overlay scrollbars.
Passing it requires an expensive isDescendant() check, so passing
null is more efficient.
* rendering/RenderLayer.h:
(WebCore::RenderLayer::LayerPaintingInfo::LayerPaintingInfo):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::paintIntoLayer):
(WebCore::RenderLayerBacking::paintContents):
* rendering/RenderLayerBacking.h:
(RenderLayerBacking):
2012-11-13 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705458> Chopin: Avoid calling calculateLayerBounds() and convertToLayerCoords() more than once per layer paint (102031)
Merge r134356
2012-11-12 Simon Fraser <simon.fraser@apple.com>
Avoid calling calculateLayerBounds() and convertToLayerCoords() more than once per layer paint
https://bugs.webkit.org/show_bug.cgi?id=102031
Reviewed by Beth Dakin.
RenderLayer::paintLayerContents() and callees could end up calling convertToLayerCoords()
and calculateLayerBounds() multiple times for painting a single layer.
Keep track of whether we've computed the root-relative bounds and do it on demand.
Compute the offset relative to rootLayer once, and pass it around as an optional parameter
to functions that need it.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayerContents):
(WebCore::RenderLayer::hitTestLayer):
(WebCore::RenderLayer::calculateRects):
(WebCore::RenderLayer::intersectsDamageRect):
(WebCore::RenderLayer::boundingBox):
(WebCore::RenderLayer::calculateLayerBounds):
* rendering/RenderLayer.h:
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::calculateCompositedBounds):
2012-11-13 Simon Fraser <simon.fraser@apple.com>
Prerequisite for <rdar://problem/12705357>.
Merge r134355
2012-11-12 Simon Fraser <simon.fraser@apple.com>
Change calculateLayerBounds() from a static function to a member function
https://bugs.webkit.org/show_bug.cgi?id=102022
Reviewed by Beth Dakin.
calculateLayerBounds() has grown into a substantial function after
starting live as a little utility function, so make it a member function
of RenderLayer, and adjust callers accordingly.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::setFilterBackendNeedsRepaintingInRect):
(WebCore::RenderLayer::paintLayerContents):
(WebCore::RenderLayer::calculateLayerBounds):
* rendering/RenderLayer.h:
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::calculateCompositedBounds):
2012-11-13 Simon Fraser <simon.fraser@apple.com>
Merge r134330
2012-11-12 Simon Fraser <simon.fraser@apple.com>
Fix filter dirty rect regression from r134311
https://bugs.webkit.org/show_bug.cgi?id=102002
Reviewed by Beth Dakin.
When rendering with filters, the code can inflate the root-relative
paintDirtyRect in RenderLayer::paintLayerContents(), and my cleanup
broke this behavior.
Fix by making a local copy of LayerPaintingInfo, updating its paintDirtyRect,
and using it for the rest of the function.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayerContents):
2012-11-13 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705446> Reduce the crazy number of parameters to RenderLayer painting member functions (101895)
Merge r134311
2012-11-12 Simon Fraser <simon.fraser@apple.com>
Reduce the crazy number of parameters to RenderLayer painting member functions
https://bugs.webkit.org/show_bug.cgi?id=101895
Reviewed by Beth Dakin.
The various RenderLayer::paintLayer* functions took a lot of arguments, most
of which were passed down directly to descendants.
Gather these arguments into a LayerPaintingInfo struct.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paint): Create a LayerPaintingInfo struct to pass
to descendant paint calls.
(WebCore::RenderLayer::paintOverlayScrollbars): Ditto.
(WebCore::RenderLayer::paintLayer): When painting transformed layers, we
make a new LayerPaintingInfo because the root layer is shifted.
(WebCore::RenderLayer::paintLayerContentsAndReflection):
(WebCore::RenderLayer::paintLayerContents):
(WebCore::RenderLayer::paintList):
(WebCore::RenderLayer::paintPaginatedChildLayer):
(WebCore::RenderLayer::paintChildLayerIntoColumns): Create a new LayerPaintingInfo
struct for column painting.
* rendering/RenderLayer.h:
(WebCore::RenderLayer::LayerPaintingInfo::LayerPaintingInfo):
(LayerPaintingInfo):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::paintIntoLayer): Build a LayerPaintingInfo
to enter layer painting.
* rendering/RenderReplica.cpp:
(WebCore::RenderReplica::paint): Ditto.
2012-11-13 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705577> Save one call to containerForRepaint() when updating layer positions (101856)
Merge r134174
2012-11-10 Simon Fraser <simon.fraser@apple.com>
Save one call to containerForRepaint() when updating layer positions
https://bugs.webkit.org/show_bug.cgi?id=101856
Reviewed by Dan Bernstein.
RenderLayer::updateLayerPositions() has already computed the repaint container,
but calls computeRepaintRects() which computes it again. Computing the repaint
container involves a walk back up the layer tree, so calling it during a tree
traversal is costly.
Fix by passing the repaint container down into computeRepaintRects().
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateLayerPositions):
(WebCore::RenderLayer::computeRepaintRects):
(WebCore::RenderLayer::computeRepaintRectsIncludingDescendants):
(WebCore::RenderLayer::updateLayerPositionsAfterScroll):
(WebCore::RenderLayer::setHasVisibleContent):
* rendering/RenderLayer.h:
(RenderLayer):
2012-11-13 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705261> Cache absolute clip rects on RenderLayer for compositing overlap testing (87212)
Merge r119458
2012-06-04 Simon Fraser <simon.fraser@apple.com>
Leaking ClipRects
https://bugs.webkit.org/show_bug.cgi?id=88282
Reviewed by Dan Bernstein.
In r118562 I made the ClipRectsCache use RefPtr<ClipRects>. However, ClipRects
was initialized with m_refCnt=0, not 1 as adoptRef() and friends expect. Also,
there was a manual ref() in RenderLayer::updateClipRects() which this patch removes.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateClipRects):
* rendering/RenderLayer.h:
(WebCore::ClipRects::ClipRects):
2012-11-13 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705261> Cache absolute clip rects on RenderLayer for compositing overlap testing (87212)
Merge r118612
2012-05-26 Simon Fraser <simon.fraser@apple.com>
Clip rects assertion when hovering div with transform
https://bugs.webkit.org/show_bug.cgi?id=87580
Reviewed by Eric Seidel.
Hit testing used to use temporary clip rects in composited documents,
until r118562. Now that we cache clip rects for hit testing, we need
to clear the cache on descendant layers when a layer gains or loses
a transform.
Test: fast/layers/clip-rects-assertion.html
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateTransform):
2012-11-13 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705261> Cache absolute clip rects on RenderLayer for compositing overlap testing (87212)
Merge r119458.
2012-05-25 Simon Fraser <simon.fraser@apple.com>
Cache absolute clip rects on RenderLayer for compositing overlap testing
https://bugs.webkit.org/show_bug.cgi?id=87212
Reviewed by Dave Hyatt.
Enhance the cache of ClipRects on RenderLayers to store three
different types of ClipRects, rather than just one.
We need to compute clip rects relative to different layers
for different purposes. For painting, we compute relative to
the compositing layer which is acting as a painting root.
For hit testing, we compute relative to the root, except
for transformed layers. For composting overlap testing, we
compute relative to the root ("absolute"). At other times, we do one-off
computation which we never want to cache ("temporary clip rects").
This change allows us to cache rects for hit testing, and for
compositing overlap testing. This has huge performance benefits
on some pages (bug 84410).
This change also makes ClipRects not arena-allocated, so we
can use RefPtr<ClipRect>.
No testable behavior change.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::willBeDestroyed): No need for the
explicit clipRects teardown, since clipRects don't need a live
RenderObject for arena-based destruction.
* rendering/RenderLayer.cpp: Remove arena-related new and delete.
(WebCore::RenderLayer::RenderLayer): No need to explicitly initialize m_clipRects,
since it's an OwnPtr now.
(WebCore::RenderLayer::~RenderLayer): No explicit clipRect teardown required.
(WebCore::RenderLayer::clippingRootForPainting): Renamed to make its purpose
more obvious.
(WebCore::RenderLayer::paintLayer): Use the TemporaryClipRects type when necessary.
(WebCore::RenderLayer::paintLayerContents): Ditto
(WebCore::RenderLayer::hitTestLayer): No longer need to use temporary clipRects when
hit testing since we cache clip rects for hit testing.
(WebCore::RenderLayer::updateClipRects): Take a ClipRectsType and pass it through.
(WebCore::RenderLayer::calculateClipRects): Ditto
(WebCore::RenderLayer::parentClipRects): Ditto
(WebCore::RenderLayer::backgroundClipRect): Ditto
(WebCore::RenderLayer::calculateRects): Take ClipRectsType, which obviates temporaryClipRects.
(WebCore::RenderLayer::childrenClipRect): Use clippingRootForPainting().
(WebCore::RenderLayer::selfClipRect): Ditto
(WebCore::RenderLayer::localClipRect): Ditto
(WebCore::RenderLayer::clearClipRectsIncludingDescendants): Take a type of clip rect to clear
(include all). Allows us to just clear painting clip rects.
(WebCore::RenderLayer::clearClipRects):
* rendering/RenderLayer.h:
(WebCore::ClipRects::create): We don't use RefCounted<> in order to use a bit in
the refCount for a flag. Add create() method.
(WebCore::ClipRects::deref): No longer arena-allocated.
(WebCore::ClipRectsCache::ClipRectsCache): Struct that holds a small
array of the 3 types of clipRects (and, in debug, the layer relative
to which they were computed).
(WebCore::RenderLayer::clipRects):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateCompositedBounds): Use AbsoluteClipRects; rootLayer
is always the RenderView's layer here.
(WebCore::RenderLayerBacking::updateGraphicsLayerGeometry): Use TemporaryClipRects.
(WebCore::RenderLayerBacking::setRequiresOwnBackingStore): When this variable changes,
we need to invalidate painting clipRects, since it affects the ancestor relative to which
those rects are computed.
* rendering/RenderLayerBacking.h:
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateBacking): When the composited state
of a layer changes, we have to clear all descendant clip rects, since this
can affect the layers relative to which clip rects are computed.
(WebCore::RenderLayerCompositor::addToOverlapMap): Use AbsoluteClipRects.
(WebCore::RenderLayerCompositor::computeCompositingRequirements): No need
to call updateLayerPosition(), since that should have always happened after
layout. That call cleared clip rects, so removing it is very beneficial.
(WebCore::RenderLayerCompositor::clippedByAncestor): Use TemporaryClipRects.
* rendering/RenderTreeAsText.cpp:
(WebCore::writeLayers): Use TemporaryClipRects.
2012-11-13 Simon Fraser <simon.fraser@apple.com>
<rdar://problem/12705190> Terrible performance on http://alliances.commandandconquer.com/ and http://www.lordofultima.com/ and App Store (84410)
Merge r118567, r118617, r118957, r119172, r121124, r121130, r121306, r121446, r122376, r122653 (partial), r122802 (partial),
r133248
2012-11-01 Tien-Ren Chen <trchen@chromium.org>
Fix assertion failure in RenderGeometryMap::absoluteRect when frame scale != 1.0
https://bugs.webkit.org/show_bug.cgi?id=100912
Reviewed by Simon Fraser.
Frame scale will add transformation to RenderView, so fixed position doesn't
get propagated up to the viewport by RenderGeometryMap. This is handled
correctly in RenderView::mapLocalToContainer, causing the assertion to fail.
This patch corrects RenderGeometryMap::mapToAbsolute to handle the RenderView
transformation case.
A layout test is added to catch this issue. The test will crash debug build
without this patch.
Test: compositing/geometry/fixed-position-composited-page-scale-scroll.html
* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::mapToAbsolute):
2012-07-16 Kiran Muppala <cmuppala@apple.com>
REGRESSION: RenderInline::absoluteQuads produces incorrect results for fixed position.
https://bugs.webkit.org/show_bug.cgi?id=91451
Reviewed by Simon Fraser.
RenderInline::absoluteQuads relies on copies of RenderGeometryMap,
created indirectly by passing AbsoluteQuadsGeneratorContext object by
value. These copies are unsafe because the individual transform steps
within the geometry map include a owned poitner to their respective
transform.
Modify the callee methods to take context by reference and disable
copy constructor for RenderGeometryMap.
Test: fast/inline/inline-fixed-position-boundingbox.html
* rendering/RenderGeometryMap.h:
(WebCore::RenderGeometryMapStep::RenderGeometryMapStep): Add missing
m_offset to copy constructor initialization list.
(RenderGeometryMap): Disable copy constructor.
* rendering/RenderInline.cpp: Pass context object by reference.
(WebCore::RenderInline::generateLineBoxRects):
(WebCore::RenderInline::generateCulledLineBoxRects):
(WebCore::RenderInline::absoluteRects):
(WebCore::RenderInline::absoluteQuads):
(WebCore::RenderInline::linesBoundingBox):
(WebCore::RenderInline::culledInlineVisualOverflowBoundingBox):
(WebCore::RenderInline::addFocusRingRects):
* rendering/RenderInline.h:
(RenderInline::generateLineBoxRects): Update method declarations to
show pass by reference context parameter.
(RenderInline::generateCulledLineBoxRects): Ditto.
2012-07-13 Kiran Muppala <cmuppala@apple.com>
REGRESSION: RenderInline boundingBox ignores relative position offset
https://bugs.webkit.org/show_bug.cgi?id=91168
Reviewed by Simon Fraser.
RenderGeometryMap, used for caching the transform to the view,
expects the first mapping pushed, to be that of the view itself.
RenderInline was instead pushing it's own offset first. Besides
the offset of the view itself was not being pushed.
Relaxed the RenderGeometryMap restriction that the first pushed
step should be of the view. It is sufficient that the view's mapping
is pushed in the first call to pushMappingsToAncestor. Modified
RenderInline to push the offset of the view also to the geometry map.
Test: fast/inline/inline-relative-offset-boundingbox.html
* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::pushMappingsToAncestor): Add assertion to
check if mapping to view was pushed in first invocation.
(WebCore::RenderGeometryMap::pushView): Correct assertion that checks
if the view's mapping is the first one to be applied.
(WebCore::RenderGeometryMap::stepInserted): Use isRenderView to check if
a mapping step belongs to a view instead of using mapping size.
(WebCore::RenderGeometryMap::stepRemoved): Ditto.
* rendering/RenderInline.cpp:
(WebCore::(anonymous namespace)::AbsoluteQuadsGeneratorContext::AbsoluteQuadsGeneratorContext):
Push mappings all the way up to and including the view.
2012-07-10 Simon Fraser <simon.fraser@apple.com>
Assertion ASSERTION FAILED: enclosingIntRect(rendererMappedResult) == enclosingIntRect(FloatQuad(result).boundingBox()) when compositing in paginated mode
https://bugs.webkit.org/show_bug.cgi?id=90919
Reviewed by Antti Koivisto.
r121124 added a fast path for geometry mapping that goes via layers
when possible. However, this broke paginated pages, which put
the root (RenderView) layer into column mode, because it failed
to check for columns on the ancestor layer.
Rather than make a risky change to convertToLayerCoords(), add a local
function canMapViaLayer(), which is like RenderLayer::canUseConvertToLayerCoords(),
but doesn't check for compositing (compositing itself is not a reason
to avoid convertToLayerCoords). Call canMapViaLayer() with the ancestorLayer
to check whether the ancestor has columns, which fixes the bug.
Test: compositing/columns/geometry-map-paginated-assert.html
* rendering/RenderGeometryMap.cpp:
(WebCore::canMapViaLayer):
(WebCore::RenderGeometryMap::pushMappingsToAncestor):
2012-06-28 Antti Koivisto <antti@apple.com>
Don't malloc RenderGeometryMap steps individually
https://bugs.webkit.org/show_bug.cgi?id=90074
Reviewed by Simon Fraser.
Mallocs and frees for steps under RenderGeometryMap::pus/popMappingsToAncestor can total ~2% of the profile when animating transforms.
* rendering/RenderGeometryMap.cpp:
(WebCore):
(WebCore::RenderGeometryMap::absolutePoint):
(WebCore::RenderGeometryMap::absoluteRect):
(WebCore::RenderGeometryMap::mapToAbsolute):
(WebCore::RenderGeometryMap::push):
(WebCore::RenderGeometryMap::pushView):
(WebCore::RenderGeometryMap::popMappingsToAncestor):
* rendering/RenderGeometryMap.h:
(WebCore):
(WebCore::RenderGeometryMapStep::RenderGeometryMapStep):
Move to header.
(RenderGeometryMapStep):
(RenderGeometryMap):
Make the step vector hold RenderGeometryMapSteps instead of RenderGeometryMapStep*'s.
(WTF):
Give RenderGeometryMapSteps SimpleClassVectorTraits. This is needed for dealing with OwnPtr in the struct (and makes it faster too).
The type is simple enought to move by memcpy.
2012-06-26 Simon Fraser <simon.fraser@apple.com>
Optimize mappings of simple transforms in RenderGeometryMap
https://bugs.webkit.org/show_bug.cgi?id=90034
Reviewed by Dean Jackson.
For transforms that are identity or simple translations, don't
fall off the fast path in RenderGeometryMap; we can just
treat them as offsets.
Improves performance on pages with lots of translateZ(0) elements.
Remove RenderGeometryMapStep::mapPoint() and mapQuad(), which
were unused.
No new tests; optimization only, and tested by assertions.
* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::push):
2012-06-24 Antti Koivisto <antti@apple.com>
REGRESSION(r121124): LayoutTests/fast/block/inline-children-root-linebox-crash.html asserts
https://bugs.webkit.org/show_bug.cgi?id=89844
Reviewed by Dan Bernstein.
We need to check for the flipped writing mode and take the slow path if it is used.
* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::pushMappingsToAncestor):
2012-06-24 Antti Koivisto <antti@apple.com>
Optimize RenderGeometryMap mappings gathering
https://bugs.webkit.org/show_bug.cgi?id=89828
Reviewed by Simon Fraser.
RenderGeometryMap currently gathers mappings by climbing the rendering tree. This is slow and can produce
large number of mapping steps. In the common case we already have the child layer coordinates available in
the layer tree and we can just use that.
The combination of faster mappings gathering and fewer number of applying steps reduces time spent under
RenderLayerCompositor::computeCompositingRequirements to less than half when scrolling the mobile version
of twitter.com.
* rendering/RenderGeometryMap.cpp:
(WebCore):
(WebCore::RenderGeometryMap::pushMappingsToAncestor):
Use pre-computed mapping from the layer tree when possible.
(WebCore::RenderGeometryMap::popMappingsToAncestor):
* rendering/RenderGeometryMap.h:
Add some inline capacity.
(WebCore):
(RenderGeometryMap):
* rendering/RenderLayer.h:
(WebCore::RenderLayer::canUseConvertToLayerCoords):
(RenderLayer):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
(WebCore::RenderLayerCompositor::computeCompositingRequirements):
2012-05-31 Simon Fraser <simon.fraser@apple.com>
RenderLayerCompositor cleanup: make RenderGeometryMap part of the OverlapMap
https://bugs.webkit.org/show_bug.cgi?id=88021
Reviewed by James Robinson.
We only ever use the RenderGeometryMap when we have an OverlapMap, so make
it a member of the OverlapMap.
No behavior change.
* rendering/RenderLayerCompositor.cpp:
(RenderLayerCompositor::OverlapMap):
(WebCore::RenderLayerCompositor::OverlapMap::geometryMap):
(WebCore::RenderLayerCompositor::updateCompositingLayers):
(WebCore::RenderLayerCompositor::addToOverlapMap):
(WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
(WebCore::RenderLayerCompositor::computeCompositingRequirements):
* rendering/RenderLayerCompositor.h:
(WebCore):
(RenderLayerCompositor):
2012-05-29 Adrienne Walker <enne@google.com>
Transformed fixed position layers have an incorrect overlap map entry
https://bugs.webkit.org/show_bug.cgi?id=64201
Reviewed by Darin Adler.
Previously, layers that both had a transform and were fixed position
were not considered as being fixed position in RenderGeometryMap or in
RenderBox::mapLocalToContainer (although this case is not incorrect in
the case of painting, so an external caller likely adjusts for this).
Tests: compositing/layer-creation/fixed-position-and-transform.html
compositing/layer-creation/fixed-position-under-transform.html
* rendering/RenderBox.cpp:
(WebCore::RenderBox::mapLocalToContainer):
* rendering/RenderGeometryMap.cpp:
(WebCore::RenderGeometryMap::mapToAbsolute):
2012-05-26 Simon Fraser <simon.fraser@apple.com>
fast/block/inline-children-root-linebox-crash.html asserts after r118567
https://bugs.webkit.org/show_bug.cgi?id=87544
Reviewed by Darin Adler.
Remove fast/block/inline-children-root-linebox-crash.html from the skipped
list.
New, more complex writing mode flipping test with compositing.
* compositing/geometry/flipped-blocks-inline-mapping-expected.txt: Added.
* compositing/geometry/flipped-blocks-inline-mapping.html: Added.
* platform/mac/Skipped:
2012-05-25 Simon Fraser <simon.fraser@apple.com>
Terrible performance on http://alliances.commandandconquer.com/ and http://www.lordofultima.com/https://bugs.webkit.org/show_bug.cgi?id=84410
Reviewed by Dave Hyatt.
First part of fixing O(N^2) issues when walking the RenderLayer tree
for computeCompositingRequirements().
For each layer that goes into the OverlapMap, we were computing an absolute
layer bounds, which requires walking back to the root of the tree.
Optimize this when possible by storing a stack of offsets as we walk
the tree, and using this stack to do the mapping.
The stack of offsets and transforms is managed by RenderGeometryMap.
When visiting a RenderLayer, RenderLayerCompositor pushes onto
the geometry map stack data about offsets and transforms between
the current layer and its stacking-parent. RenderGeometryMap handles
the case where the previous renderer pushed is between the current
renderer and its container. RenderGeometryMap can also handle callers
pushing renderers with multiple containers between them.
RenderGeometryMap stores some flags about whether the set of mapping
steps in the stack involve transforms, fixed position, or special non-uniform
mappings like CSS columns. In some cases, it falls back to mapping via
renderers.
Once constructed, the RenderGeometryMap stack can be used to map multiple
rects or points efficiently. Stacks consisting of simple offsets are
collapsed to a single offset.
Mappings between renderers and their containers are pushed by pushMappingToContainer()
methods, which are similar to mapLocalToContainer() methods. Having this code
in RenderObjects was deemed preferable to handling columns, transforms etc. all in
RenderLayer code.
Tested by assertions in RenderGeometryMap code that its mapping matches
mapping via localToAbsolute() calls.
RenderLayerCompositor::updateCompositingLayers() creates a RenderGeometryMap,
and pushes and pops layer renderers as it visits them. The geometry map is used
by RenderLayerCompositor::addToOverlapMap() when computing absolute layer bounds.
Futher optimizations in RenderGeometryMap are possible, especially with stacks that
have many offsets and a few transforms.
Tests: compositing/geometry/composited-in-columns.html
compositing/geometry/flipped-writing-mode.html
* CMakeLists.txt: Add RenderGeometryMap
* GNUmakefile.list.am: Ditt
* Target.pri: Ditto
* WebCore.gypi: Ditto
* WebCore.vcproj/WebCore.vcproj: Ditto
* WebCore.xcodeproj/project.pbxproj: Ditto
* rendering/RenderBox.cpp:
(WebCore::RenderBox::absoluteContentBox):
(WebCore::RenderBox::pushMappingToContainer):
(WebCore::RenderBox::offsetFromContainer):
* rendering/RenderBox.h:
* rendering/RenderGeometryMap.cpp: Added.
(RenderGeometryMapStep):
(WebCore::RenderGeometryMapStep::RenderGeometryMapStep):
(WebCore::RenderGeometryMapStep::mapPoint):
(WebCore::RenderGeometryMapStep::mapQuad):
(WebCore::RenderGeometryMap::RenderGeometryMap):
(WebCore::RenderGeometryMap::~RenderGeometryMap):
(WebCore::RenderGeometryMap::absolutePoint):
(WebCore::RenderGeometryMap::absoluteRect):
(WebCore::RenderGeometryMap::mapToAbsolute):
(WebCore::RenderGeometryMap::pushMappingsToAncestor):
(WebCore::RenderGeometryMap::push):
(WebCore::RenderGeometryMap::pushView):
(WebCore::RenderGeometryMap::popMappingsToAncestor):
(WebCore::RenderGeometryMap::stepInserted):
(WebCore::RenderGeometryMap::stepRemoved):
* rendering/RenderGeometryMap.h: Added.
(RenderGeometryMap):
(WebCore::RenderGeometryMap::hasNonUniformStep):
(WebCore::RenderGeometryMap::hasTransformStep):
(WebCore::RenderGeometryMap::hasFixedPositionStep):
* rendering/RenderInline.cpp:
(WebCore::RenderInline::offsetFromContainer):
(WebCore::RenderInline::pushMappingToContainer):
* rendering/RenderInline.h:
(RenderInline):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateCompositingLayers):
(WebCore::RenderLayerCompositor::addToOverlapMap):
(WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
(WebCore::RenderLayerCompositor::computeCompositingRequirements):
* rendering/RenderLayerCompositor.h:
(RenderLayerCompositor):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::mapLocalToContainer):
(WebCore::RenderObject::pushMappingToContainer):
(WebCore::RenderObject::offsetFromContainer):
(WebCore::RenderObject::container):
* rendering/RenderObject.h:
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::offsetFromContainer):
* rendering/RenderTableCell.h:
(RenderTableCell):
* rendering/RenderView.cpp:
(WebCore::RenderView::pushMappingToContainer):
* rendering/RenderView.h:
* rendering/svg/RenderSVGForeignObject.cpp:
(WebCore::RenderSVGForeignObject::pushMappingToContainer):
* rendering/svg/RenderSVGForeignObject.h:
(RenderSVGForeignObject):
* rendering/svg/RenderSVGInline.cpp:
(WebCore::RenderSVGInline::pushMappingToContainer):
* rendering/svg/RenderSVGInline.h:
(RenderSVGInline):
* rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::pushMappingToContainer):
* rendering/svg/RenderSVGModelObject.h:
(RenderSVGModelObject):
* rendering/svg/RenderSVGRoot.cpp:
(WebCore::RenderSVGRoot::pushMappingToContainer):
* rendering/svg/RenderSVGRoot.h:
(RenderSVGRoot):
* rendering/svg/RenderSVGText.cpp:
(WebCore::RenderSVGText::pushMappingToContainer):
* rendering/svg/RenderSVGText.h:
(RenderSVGText):
* rendering/svg/SVGRenderSupport.cpp:
(WebCore::SVGRenderSupport::pushMappingToContainer):
* rendering/svg/SVGRenderSupport.h:
(SVGRenderSupport):
2012-11-14 Beth Dakin <bdakin@apple.com>
Merge r134348
2012-11-12 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=101787
Zoomed-in scrolling is very slow when deviceScaleFactor > 1
Reviewed by Simon Fraser.
This patch adds a new member to the GraphicsContextState that tracks
whether or not fonts should be subpixel-quantized. We want to default
to sibpixel-quantizing, but we'll turn it off if we're scrolling
content that cannot be scrolled on the scrolling thread.
State has a new bool shouldSubpixelQuantizeFonts. It defaults to true
since normally we do want to quantize.
* platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContext::setShouldSubpixelQuantizeFonts):
(WebCore::GraphicsContext::shouldSubpixelQuantizeFonts):
* platform/graphics/GraphicsContext.h:
(WebCore::GraphicsContextState::GraphicsContextState):
(GraphicsContextState):
(GraphicsContext):
wkSetCGFontRenderingMode now takes a BOOL parameter which indicates
whether or not it should try to subpixel-quantize the fonts.
* platform/graphics/mac/FontMac.mm:
(WebCore::Font::drawGlyphs):
* platform/mac/WebCoreSystemInterface.h:
* platform/mac/WebCoreSystemInterface.mm:
Disable subpixel-quantization for overflow areas, subframes, and
content that is scrolling on the main thread.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayerContents):
2012-11-13 Lucas Forschler <lforschler@apple.com>
Merge r127508
2012-09-04 Michael Saboff <msaboff@apple.com>
equal() in CSSParser.cpp should check the length of characters
https://bugs.webkit.org/show_bug.cgi?id=95706
Reviewed by Abhishek Arya.
Pass the length of string literals to CSSParser static functions equal() and
equalIgnoringCase() so that checks won't access out of bounds memory.
Added test fast/css/crash-comparing-equal.html.
* css/CSSParser.cpp:
(WebCore::equal): Use template to retrieve the length of string literal.
(WebCore::equalIgnoringCase): Ditto.
(WebCore::CSSParser::parseDashboardRegions): Use const char[] instead of const char*
2012-11-13 Lucas Forschler <lforschler@apple.com>
Merge r123433
2012-07-24 Kentaro Hara <haraken@chromium.org>
[JSC] REGRESSION(r122912): CodeGeneratorJS.pm should not
implicitly assume ScriptExecutionContext for static attributes
https://bugs.webkit.org/show_bug.cgi?id=91924
Reviewed by Adam Barth.
r122912 implemented static attributes in CodeGeneratorJS.pm.
However, the generated code assumes that static attributes
always require ScriptExecutionContext, which is wrong.
If we need a ScriptExecutionContext, we should specify
[CallWith=ScriptExecutionContext].
This patch fixes CodeGeneratorJS.pm so that static attributes
do not assume ScriptExecutionContext. This fix aligns with
the fix in CodeGeneratorV8.pm in r123308.
Test: bindings/scripts/test/TestObj.idl
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::jsTestInterfaceConstructorSupplementalStaticReadOnlyAttr):
(WebCore::jsTestInterfaceConstructorSupplementalStaticAttr):
(WebCore::setJSTestInterfaceConstructorSupplementalStaticAttr):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::jsTestObjConstructorStaticReadOnlyIntAttr):
(WebCore::jsTestObjConstructorStaticStringAttr):
(WebCore::setJSTestObjConstructorStaticStringAttr):
2012-11-13 Lucas Forschler <lforschler@apple.com>
Merge r122912
2012-07-17 Jon Lee <jonlee@apple.com>
Teach CodeGenerator to support for static, readonly, attributes
https://bugs.webkit.org/show_bug.cgi?id=88920
<rdar://problem/11650330>
Reviewed by Oliver Hunt.
Update the parser to be able to accept the static keyword for attribute. We will treat static attributes
like custom static functions. They call the implementing class directly, and pass in the ExecState as a script context.
* bindings/scripts/CodeGeneratorJS.pm:
(GetAttributeGetterName): Factor out the construction of the attribute getter function name.
(GetAttributeSetterName): Factor out the construction of the attribute setter function name.
(GenerateHeader): Determine that a class has read-write properties only if there is a read-write attribute that
is not static.
(GenerateAttributesHashTable): Skip static attributes in the object hash table. They will be added to the constructor
hash table.
(GenerateImplementation): Look for static attributes to add to the constructor hash table. Make a call to the static
function in the class.
* bindings/scripts/IDLParser.pm:
(ParseInterface): Update the processing because of the regex change.
* bindings/scripts/IDLStructure.pm: Update the attribute regex.
* bindings/scripts/test/JS/JSTestObj.cpp: Update test results.
* bindings/scripts/test/JS/JSTestObj.h: Update test results.
* bindings/scripts/test/TestObj.idl: Add test cases.
2012-11-13 Lucas Forschler <lforschler@apple.com>
Merge r125280
2012-08-10 Jon Lee <jonlee@apple.com>
Change Notification.permissionLevel() to Notification.permission
https://bugs.webkit.org/show_bug.cgi?id=88919
<rdar://problem/11650319>
Reviewed by Kentaro Hara.
Retrieving the permission level has changed to Notification.permission, per this discussion:
http://lists.w3.org/Archives/Public/public-web-notification/2012Jun/0000.html
Test: fast/notifications/notifications-permission.html
* Modules/notifications/Notification.cpp: Rename to match attribute name.
(WebCore::Notification::permission):
* Modules/notifications/Notification.h: Rename to match attribute name.
(Notification):
* Modules/notifications/Notification.idl: Change to static readonly attribute.
2012-11-13 Lucas Forschler <lforschler@apple.com>
Merge r127000
2012-08-29 Alexander Pavlov <apavlov@chromium.org>
Web Inspector: Page with @import and :last-child in an edited stylesheet will crash
https://bugs.webkit.org/show_bug.cgi?id=95324
Reviewed by Antti Koivisto.
Ensure the destroyed StyleRules removal from StyleResolver by creating a separate RuleMutationScope for clearing the StyleSheetContents.
Test: inspector/styles/import-pseudoclass-crash.html
* inspector/InspectorStyleSheet.cpp:
(WebCore::InspectorStyleSheet::reparseStyleSheet):
2012-11-13 Lucas Forschler <lforschler@apple.com>
Rollout r133090
2012-11-12 Lucas Forschler <lforschler@apple.com>
Merge r133469
2012-11-05 Antti Koivisto <antti@apple.com>
Protect against resource deletion during iteration in MemoryCache::pruneDeadResourcesToSize
https://bugs.webkit.org/show_bug.cgi?id=101211
Reviewed by Andreas Kling.
Some crashes have been seen under MemoryCache::pruneDeadResourcesToSize. A possible cause is that
destroyDecodedData() call ends up evicting the resource pointed by 'previous' pointer during iteration
and deleting the object. This looks in principle possible via stylesheets and SVG images.
Speculative fix, no repro, no obvious way to construct a test.
* loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::pruneDeadResourcesToSize):
Use CachedResourceHandle to protect the 'previous' pointer during iteration. Check if the
resource has been kicked out from the cache during destroyDecodedData() and stop iterating
if has (as it may die when CachedResourceHandle releases it).
The 'current' pointer is not protected as the resource it points to is allowed to die.
2012-11-12 Lucas Forschler <lforschler@apple.com>
Merge r131077
2012-10-11 Dan Bernstein <mitz@apple.com>
<rdar://problem/12477191> Combined text reverts to full-width font after a style change
https://bugs.webkit.org/show_bug.cgi?id=99009
Reviewed by John Sullivan.
Test: fast/text/text-combine-width-after-style-change.html
* rendering/RenderCombineText.cpp:
(WebCore::RenderCombineText::styleDidChange): Changed to reset m_isCombined to false, to
ensure that combineText() is called on the next layout.
2012-11-12 Lucas Forschler <lforschler@apple.com>
Merge r131018
2012-10-10 Jer Noble <jer.noble@apple.com>
Disallow full screen mode keyboard access by default.
https://bugs.webkit.org/show_bug.cgi?id=98971
<rdar://problem/12474226>
Reviewed by Sam Weinig.
Fall back to requesting non-keyboard access if the client refuses to allow keyboard access.
* dom/Document.cpp:
(WebCore::Document::requestFullScreenForElement):
2012-11-12 Lucas Forschler <lforschler@apple.com>
Merge r130855
2012-10-09 Philip Rogers <pdr@google.com>
Recursively detach SVGElementInstances
https://bugs.webkit.org/show_bug.cgi?id=98851
Reviewed by Ryosuke Niwa and Abhishek Arya
Before this patch, SVGElementInstance child nodes were not being detached. This
patch makes detach() recursively detach SVGElementInstances.
* svg/SVGElementInstance.cpp:
(WebCore::SVGElementInstance::detach):
2012-11-12 Lucas Forschler <lforschler@apple.com>
Merge r129796
2012-09-27 Philip Rogers <pdr@google.com>
Rewrite multithreaded filter job dispatching
https://bugs.webkit.org/show_bug.cgi?id=97500
Reviewed by Dean Jackson.
This patch solves the problem of splitting up images into subregions for multithreaded
filters. This fixes the way we partition the image array into equal-sized chunks.
If we have an array of length N and want to split it into K chunks, we calculate:
int jobSize = N / K; // integer division, so this is floored
int jobSizeExtra = N % K; // modulus produces the remainder
We then split the array into jobSizeExtra number of jobs with size jobSize + 1
and (K - jobSizeExtra) number of jobs with size jobSize. This pattern
is used in each of the 5 filters in this patch.
This patch primarily fixes an error in FEMorphology::platformApply where
the image array was partitioned into (1 + (N / K)) pieces with the last job
taking the remainder. Unfortunately, this can cause overruns in the 2nd-to-last job.
Consider N = 2373 and K = 64 jobs. Job 0 would take indices 0...38, job 1 would take
38...76, etc. Unfortunately the 62nd job takes 2356...2394 which overruns.
To prevent similar issues elsewhere this patch updates all of the filters
to use the same pattern as FEMorphology.
Test: svg/filters/feMorphology-crash.html
* platform/graphics/filters/FEConvolveMatrix.cpp:
(WebCore::FEConvolveMatrix::platformApplySoftware):
* platform/graphics/filters/FEGaussianBlur.cpp:
(WebCore::FEGaussianBlur::platformApply):
* platform/graphics/filters/FELighting.cpp:
(WebCore::FELighting::platformApplyGeneric):
* platform/graphics/filters/FEMorphology.cpp:
(WebCore::FEMorphology::platformApply):
Some special care is taken for Gaussian Blur because there is an
extraHeight parameter for sampling outside the image's dimensions.
This means we use the same partitioning algorithm but add
extraHeight padding on the lower and upper bounds.
* platform/graphics/filters/FETurbulence.cpp:
(WebCore::FETurbulence::platformApplySoftware):
2012-11-09 Lucas Forschler <lforschler@apple.com>
Merge r132427
2012-10-24 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=100169
We should make TileCache tiles the size of the tile coverage rect
when we can't do fast scrolling
-and-
<rdar://problem/12505021>
Reviewed by Simon Fraser.
Some websites that don't do fast scrolling still scroll slower than
they do with tiled drawing disabled.
https://bugs.webkit.org/show_bug.cgi?id=99768 addressed some of this
performance problem, but there is still more ground to make up. This
patch addresses the remaining issue by making tiles the size of the
window when we can't do fast scrolling.
The constructor and create function no longer take a size parameter.
That's all fully controlled within TileCache now. m_tileSize is no
longer const.
* platform/graphics/ca/mac/TileCache.h:
Store the current default size as constants so that we can access it
in both the constructor and adjustTileSizeForCoverageRect().
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::TileCache):
This new function will set m_tileSize to the size of the tile
coverage rect if the tile coverage is limited to the visible area.
Otherwise, the tiles are set to be the default size.
(WebCore::TileCache::adjustTileSizeForCoverageRect):
Call adjustTileSizeForCoverageRect().
(WebCore::TileCache::revalidateTiles):
No need to send in a size anymore.
* platform/graphics/ca/mac/WebTileCacheLayer.h:
(WebCore):
2012-11-09 Lucas Forschler <lforschler@apple.com>
Merge r131939
2012-10-19 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=99768
We should limit the tile cache coverage when a page can't take
advantage of fast tile scrolling anyway
Reviewed by Simon Fraser.
When sites can't use fast-scrolling, there is no need to inflate the
tile cache. In fact, we get a performance boost by keeping it small
on painting-intensive sites.
Instead of just looking a whether or not the FrameView
canHaveScrollbar(), consult
shouldUpdateScrollLayerPositionOnMainThread().
* page/FrameView.cpp:
(WebCore::FrameView::performPostLayoutTasks):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::RenderLayerBacking):
Expose shouldUpdateScrollLayerPositionOnMainThread().
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::hasNonLayerFixedObjects):
(WebCore::ScrollingCoordinator::shouldUpdateScrollLayerPositionOnMainThread):
(WebCore):
(WebCore::ScrollingCoordinator::updateShouldUpdateScrollLayerPositionOnMainThread):
* page/scrolling/ScrollingCoordinator.h:
(ScrollingCoordinator):
Bug fix. Should be bitwise and.
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::tileCoverageRect):
2012-11-09 Lucas Forschler <lforschler@apple.com>
Merge r130236
2012-10-02 Simon Fraser <simon.fraser@apple.com>
Make TiledBacking slightly less aware of scrolling
https://bugs.webkit.org/show_bug.cgi?id=98216
Reviewed by Anders Carlsson.
TiledBacking shouldn't really care about there being scrollbars;
recast this in terms of "tile coverage", described by a bitfield
that has flags for coverage optimized for horizontal and vertical
scrolling. This allows for additional tile coverage behaviors later.
* page/FrameView.cpp:
(WebCore::FrameView::performPostLayoutTasks):
* platform/graphics/TiledBacking.h:
* platform/graphics/ca/mac/TileCache.h:
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::TileCache): Initialize m_isInWindow to false to
be more conservative. It gets explicitly set by the only caller now, so this is
not a behavior change.
(WebCore::TileCache::setIsInWindow):
(WebCore::TileCache::setTileCoverage):
(WebCore::TileCache::tileCoverageRect):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::RenderLayerBacking):
2012-11-09 Lucas Forschler <lforschler@apple.com>
Merge r126251.
2012-08-21 Julien Chaffraix <jchaffraix@webkit.org>
Crash in RenderTableSection::setCellLogicalWidths
https://bugs.webkit.org/show_bug.cgi?id=94291
Reviewed by Abhishek Arya.
This issue was that splitAnonymousBoxesAroundChild would move a table section
into a newly created table *without* marking it as needing cell recalc. The table
would thus never build its structure to match its sections. The fix is to hop on
the new willBeRemovedFromTree signal so that the section invalidates itself properly.
Test: fast/table/crash-split-table-section-no-cell-recalc.html
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::willBeRemovedFromTree):
* rendering/RenderTableSection.h:
Replaced willBeDestroyed by willBeRemovedFromTree in RenderTableSection. This ensures that it is called
when moving sections in the tree to mark them as needing cell recalc.
2012-11-09 Lucas Forschler <lforschler@apple.com>
Merge r126048.
Prerequisite for <rdar://problem/12536470>
2012-08-20 Julien Chaffraix <jchaffraix@webkit.org>
Introduce a will-be-removed-from-tree notification in RenderObject
https://bugs.webkit.org/show_bug.cgi?id=94271
Reviewed by Abhishek Arya.
Following bug 93874, we have an insertion notification. This change adds the
matching removal notification (willBeRemovedFromTree).
Refactoring covered by existing tests.
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::removeChildNode):
Removed the code from here and moved it below.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::willBeRemovedFromTree):
* rendering/RenderObject.h:
This is the base function that should be called by every instance.
* rendering/RenderListItem.cpp:
(WebCore::RenderListItem::willBeRemovedFromTree):
* rendering/RenderListItem.h:
* rendering/RenderQuote.cpp:
(WebCore::RenderQuote::willBeRemovedFromTree):
* rendering/RenderQuote.h:
* rendering/RenderRegion.cpp:
(WebCore::RenderRegion::willBeRemovedFromTree):
* rendering/RenderRegion.h:
Overriden functions.
2012-11-09 Lucas Forschler <lforschler@apple.com>
Merge r125737.
Prerequisite for <rdar://problem/12536470>
2012-08-15 Julien Chaffraix <jchaffraix@webkit.org>
Add a was-inserted-into-tree notification to RenderObject
https://bugs.webkit.org/show_bug.cgi?id=93874
Reviewed by Eric Seidel.
This change adds insertedIntoTree to RenderObject so that renderers
can now do their post-insertion task inside this function.
Our current architecture has 2 ways of doing post-insertion tasks:
- overriding RenderObject::addChild
- RenderObjectChildList::insertChildNode / appendChildNode
Because the former is not guaranteed to be called for each insertion
(on top of being called on the parent and not the inserted child), the
2 latter functions are the one that have been mostly used recently. This
led to code duplication between the functions but also doesn't scale as
other renderers need to hop on this notification and currently don't (for
example, table parts). The other renderer's migration will be done in
follow-up patches.
Refactoring covered by existing tests.
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::removeChildNode):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::enclosingRenderNamedFlowThread):
Moved the code from renderNamedFlowThreadContainer to RenderObject::enclosingRenderNamedFlowThread.
This is needed as now 2 classes need to access the function.
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::appendChildNode):
(WebCore::RenderObjectChildList::insertChildNode):
Moved the code duplicated from those 2 functions into
the instances of insertedIntoTree below.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::insertedIntoTree):
Base function that needs to be called from all the other
specialized functions below.
* rendering/RenderListItem.cpp:
(WebCore::RenderListItem::insertedIntoTree):
* rendering/RenderListItem.h:
* rendering/RenderObject.h:
* rendering/RenderObjectChildList.h:
* rendering/RenderRegion.cpp:
(WebCore::RenderRegion::insertedIntoTree):
* rendering/RenderRegion.h:
Added the overriden insertedIntoTree function.
* rendering/RenderQuote.h:
Moved the comment from RenderObjectChildList about RenderQuote here.
2012-11-09 Lucas Forschler <lforschler@apple.com>
Merge r125635
2012-08-14 Ojan Vafai <ojan@chromium.org>
Fix access to m_markupBox in WebCore::EllipsisBox::paint
https://bugs.webkit.org/show_bug.cgi?id=91138
Reviewed by Abhishek Arya.
EllipsisBox would hold on to m_markupBox, which would then get destroyed during
the followup layoutIfNeeded in layoutVerticalBox. Instead, have EllipsisBox
dynamically grab to pointer to the markup box during paint since there's no
straightforward way to notify the EllipsisBox that the markupBox has been destroyed
and/or point it at the new markupBox.
Test: fast/overflow/line-clamp-and-columns.html
* rendering/EllipsisBox.cpp:
(WebCore::EllipsisBox::paint):
(WebCore):
(WebCore::EllipsisBox::paintMarkupBox):
* rendering/EllipsisBox.h:
(WebCore::EllipsisBox::EllipsisBox):
Just store a boolean that we have a markup box that needs painting.
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
Clearing the override size right after setting it was incorrect because
there are cases where we'll do a followup layout in layoutVerticalBox, at which
point we'll still need the override size.
(WebCore::RenderDeprecatedFlexibleBox::clearLineClamp):
Clear the override size here to handle cases where line clamp is removed since
we don't call applyLineClamp in those cases.
2012-11-08 Lucas Forschler <lforschler@apple.com>
Merge r125597
2012-08-13 Adrienne Walker <enne@google.com>
REGRESSION (r109851): Video controls do not render
https://bugs.webkit.org/show_bug.cgi?id=93859
Reviewed by Simon Fraser.
Because video layers can't act as an ancestor composited layer whose
backing can be shared by child layers, any child layer of a video
layer needs to be put into its own composited layer. Because this is
technically overlap, the "overlap" indirect compositing reason is
reused for this case.
Test: compositing/video/video-controls-layer-creation.html
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::computeCompositingRequirements):
2012-11-07 Lucas Forschler <lforschler@apple.com>
Merge r129652
2012-09-26 Brady Eidson <beidson@apple.com>
(Threaded scrolling) WebKit not scrolling to the correct location upon going back on macsurfer.com
<rdar://problem/12039913> and https://bugs.webkit.org/show_bug.cgi?id=97617
Reviewed by Anders Carlsson.
In the asynchronous land of threaded scrolling we lose the information about whether or not a scroll
is programmatic.
This caused all scrolls to be treated as user scrolls and to generated scroll events.
We can fix this by passing the programmatic bit to the scrolling thread and re-applying it back in the main thread.
Unable to test threaded scrolling at this time.
Include the "Is programmatic scroll" bit in the scroll state:
* page/scrolling/ScrollingTreeState.cpp:
(WebCore::ScrollingTreeState::ScrollingTreeState):
(WebCore::ScrollingTreeState::setRequestedScrollPosition): Also set whether or not this represents a programmatic scroll.
* page/scrolling/ScrollingTreeState.h:
(ScrollingTreeState):
(WebCore::ScrollingTreeState::requestedScrollPositionRepresentsProgrammaticScroll):
Pass that bit back to the ScrollingCoordinator:
* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::ScrollingTree):
(WebCore::ScrollingTree::commitNewTreeState):
(WebCore::ScrollingTree::updateMainFrameScrollPosition):
* page/scrolling/ScrollingTree.h:
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::requestScrollPositionUpdate): Pass the "is programmatic scroll" bit to the scrolling thread.
(WebCore::ScrollingCoordinator::updateMainFrameScrollPosition): Reset the "is programmatic scroll" bit on the FrameView.
* page/scrolling/ScrollingCoordinator.h:
(ScrollingCoordinator):
* page/FrameView.h:
(FrameView):
(WebCore::FrameView::inProgrammaticScroll): Expose setter/getters for the programmatic scroll flag.
(WebCore::FrameView::setInProgrammaticScroll):
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r129469
2012-09-25 MORITA Hajime <morrita@google.com>
adoptNode() shouldn't reset ownerDocument if the source node failed to remove itself
https://bugs.webkit.org/show_bug.cgi?id=97527
Reviewed by Ryosuke Niwa.
Document::adoptNode() overlooked an error which can happen in Node::removeChild().
Which results an assertion failure. This change adds an error check for that code path.
Test: fast/dom/adopt-node-prevented.html
* dom/Document.cpp:
(WebCore::Document::adoptNode):
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r129270
2012-09-21 Jeremy Apthorp <jeremya@chromium.org>
Crash in WebCore::Document::fullScreenChangeDelayTimerFired
https://bugs.webkit.org/show_bug.cgi?id=97367
Reviewed by Abhishek Arya.
The document could be destroyed during the processing of the
fullscreenchange event, if the document was destroyed as a result of
one of the dispatchEvent calls.
This bug isn't reliably reproducible, so no new tests.
* dom/Document.cpp:
(WebCore::Document::fullScreenChangeDelayTimerFired):
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r128964
2012-09-18 Eric Carlson <eric.carlson@apple.com>
Check settings before registering AVFoundation media engine.
https://bugs.webkit.org/show_bug.cgi?id=97048
<rdar://problem/12313594>
Reviewed by Dan Bernstein.
Fix the bug introduced in r122676.
* platform/graphics/MediaPlayer.cpp:
(WebCore::installedMediaEngines): Uncomment the call to check AVFoundation settings.
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r128654
2012-09-14 Tom Sepez <tsepez@chromium.org>
ImageLoader can't be cleared when video element poster attribute removed.
https://bugs.webkit.org/show_bug.cgi?id=96301
Reviewed by Abhishek Arya.
Same problem as in https://bugs.webkit.org/show_bug.cgi?id=90801. We can't
clear the image loader when the src attribute is cleared, because we might be
inside a handler called on top of an image loader event dispatch. Instead we
will rely on the OwnPtr relationship between the Element and the Image Loader
to limit the lifetime of the loader to that of the element.
Test: fast/dom/beforeload/clear-video-poster-in-beforeload-listener.html
* html/HTMLVideoElement.cpp:
(WebCore::HTMLVideoElement::parseAttribute):
Remove permature clearing of m_imageLoader.
* html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::parseAttribute):
Remove permature clearing of m_imageLoader.
* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::parseAttribute):
Remove permature clearing of m_imageLoader.
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r127082
2012-08-29 Michael Saboff <msaboff@apple.com>
use after free in WebCore::FileReader::doAbort
https://bugs.webkit.org/show_bug.cgi?id=91004
Reviewed by Jian Li.
Added check in FileReader::abort to not process the abort if we aren't in the LOADING
state. This is per the FileAPI spec section 8.5.6 step #1.
Tests: fast/files/file-reader-immediate-abort.html
fast/files/file-reader-done-reading-abort.html
* fileapi/FileReader.cpp:
(WebCore::FileReader::abort):
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r126657
2012-08-24 Florin Malita <fmalita@chromium.org>
ASSERTION FAILED: !attached() in WebCore::Node::attach()
https://bugs.webkit.org/show_bug.cgi?id=94650
Reviewed by Abhishek Arya.
Prevent SVGTests::handleAttributeChange() from attaching elements with detached parents.
Test: svg/custom/system-language-crash.html
* svg/SVGTests.cpp:
(WebCore::SVGTests::handleAttributeChange):
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r126205
2012-08-21 Florin Malita <fmalita@chromium.org>
ASSERT triggered in SVGTRefTargetEventListener::handleEvent()
https://bugs.webkit.org/show_bug.cgi?id=94487
Reviewed by Nikolas Zimmermann.
The current way of tracking tref target elements by id can leave stale event listeners
under certain circumstances. This patch switches to storing a target RefPtr instead
to avoid an id lookup which may not return the original/attached element.
Test: svg/custom/tref-stale-listener-crash.html
* svg/SVGTRefElement.cpp:
(SVGTRefTargetEventListener):
(WebCore::SVGTRefTargetEventListener::isAttached): use m_target instead of an explicit bool.
(WebCore::SVGTRefTargetEventListener::SVGTRefTargetEventListener):
(WebCore::SVGTRefTargetEventListener::attach): save a target RefPtr instead of an id.
(WebCore::SVGTRefTargetEventListener::detach): detach the target element directly without
going through a lookup.
(WebCore::SVGTRefTargetEventListener::handleEvent):
(WebCore::SVGTRefElement::updateReferencedText): use an explicit target pointer instead of
the id-based lookup.
(WebCore::SVGTRefElement::buildPendingResource):
* svg/SVGTRefElement.h:
(SVGTRefElement):
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r126131
2012-08-20 MORITA Hajime <morrita@google.com>
load event shouldn't fired during node insertion traversals.
https://bugs.webkit.org/show_bug.cgi?id=94447
Reviewed by Ryosuke Niwa.
HTMLFrameElementBase::didNotifyDescendantInsertions() with empty @src
can trigger a load event during ChildNodeInsertionNotifier
traversal, whose handler can make DOM tree state inconsistent.
This change introduces a post traversal hook,
didNotifySubtreeInsertions(), for the insertion traversal and
replaces the problematic didNotifyDescendantInsertions() with it.
Since didNotifySubtreeInsertions() is invoked after the traversal,
it is safe for event handlers to mutate the tree.
Test: fast/frames/iframe-onload-and-domnodeinserted.html
* dom/ContainerNodeAlgorithms.h:
(ChildNodeInsertionNotifier): Added a post subtree notification.
(WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument):
(WebCore::ChildNodeInsertionNotifier::notify):
* dom/Node.h:
(WebCore::Node::didNotifySubtreeInsertions): Newly added.
* html/HTMLFrameElementBase.cpp:
(WebCore::HTMLFrameElementBase::insertedInto): Now returns InsertionShouldCallDidNotifySubtreeInsertions
(WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions): Replaced didNotifyDescendantInsertions()
* html/HTMLFrameElementBase.h:
(HTMLFrameElementBase):
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r125988
2012-08-19 MORITA Hajime <morrita@google.com>
DOM mutation against including <link> shouldn't trigger pending HTML parser.
https://bugs.webkit.org/show_bug.cgi?id=93641
Reviewed by Ryosuke Niwa.
HTMLLinkElement::removedFrom() invoked Document::removePendingSheet(), which can trigger
HTMLParser that can mutate DOM tree. DOM mutation reentrancy on like this is problematic and
should be prohibited.
This change add an variation of Document::removePendingSheet() which postpones the notification
which triggers DOM mutation, and flush such pending notifications at the end of ongoing mutation.
Test: http/tests/loading/remove-child-triggers-parser.html
* dom/ContainerNodeAlgorithms.h:
(WebCore::ChildNodeRemovalNotifier::notify): Flushed pending notifications at the end.
* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::removePendingSheet): Added RemovePendingSheetNotificationType parameter.
(WebCore):
(WebCore::Document::didRemoveAllPendingStylesheet): Extracted from removePendingSheet()
* dom/Document.h:
(Document):
(WebCore::Document::setNeedsNotifyRemoveAllPendingStylesheet): A flag setter.
(WebCore::Document::notifyRemovePendingSheetIfNeeded):
(WebCore):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::removedFrom): Switched to use "notification later" version of removePendingSheet()
(WebCore::HTMLLinkElement::removePendingSheet): Added RemovePendingSheetNotificationType parameter.
* html/HTMLLinkElement.h:
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r125631
2012-08-14 Chris Evans <cevans@google.com>
Handle the XPath / (root) operator correctly for nodes that aren't attached to the document.
https://bugs.webkit.org/show_bug.cgi?id=36427
Reviewed by Abhishek Arya.
We now behave the same as Firefox 14.
The consensus seems to be that the XPath spec is ambiguous for the case of detached nodes, and that using the fragment root is more intuitive than the document root for the case of detached nodes.
For example, http://www.w3.org/TR/xpath/ section 2 "Location Paths" is only clear for attached nodes: "A / by itself selects the root node of the document containing the context node. If it is followed by a relative location path, then the location path selects the set of nodes that would be selected by the relative location path relative to the root node of the document containing the context node."
Test: fast/xpath/xpath-detached-nodes.html
* xml/XPathPath.cpp:
(WebCore::XPath::LocationPath::evaluate): Jump to the root of the detached subtree instead of the parent document if the node isn't attached to the document.
2012-11-06 Lucas Forschler <lforschler@apple.com>
Merge r125503
2012-08-13 Douglas Stockwell <dstockwell@chromium.org>
Crash in WebCore::RenderBlock::LineBreaker::nextLineBreak
https://bugs.webkit.org/show_bug.cgi?id=93806
Reviewed by Abhishek Arya.
When looking for line breaks on the first line, existing code was
checking for text-combine only in the first-line style. Since
text-combine isn't inherited this resulted in a line break being
chosen before combineText was called. When this happened and then
combineText was called subsequently, the position of the line break
iterator would be invalid.
This patch changes the check to use the regular style as in
skipLeadingWhitespace and textWidth.
Test: fast/text/text-combine-first-line-crash.html
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlock::LineBreaker::nextLineBreak): Don't use the
first-line style when checking text-combine.
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125353
2012-08-11 Abhishek Arya <inferno@chromium.org>
Unreviewed.
Removing newly added assert in r125351 since it is exposing
legitimate layout bugs in few tests. We will re-add the assert
after fixing those bugs. Failures are tracked in webkit bug 93766.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeFromTrackedRendererMaps):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125351
2012-08-11 Levi Weintraub <leviw@chromium.org>
Track block's positioned objects like percent-height descendants
https://bugs.webkit.org/show_bug.cgi?id=89848
Reviewed by Abhishek Arya.
The previous method for tracking a RenderBlock's out-of-flow positioned descendants was error prone,
subject to becoming inconsistent, and in the case of removePositionedObjects, inefficient. This patch
extracts the algorithm used for percent height descendants and re-uses it for positioned objects. This same
method could further be re-used for floats.
This change removes the m_positionedObjects pointer, which brings RenderBlock's size down (yay!).
Test: fast/block/positioning/relayout-nested-positioned-elements-crash-2.html
* rendering/RenderBlock.cpp:
(SameSizeAsRenderBlock):
(WebCore):
(WebCore::removeBlockFromDescendantAndContainerMaps):
(WebCore::RenderBlock::~RenderBlock):
(WebCore::RenderBlock::addOverflowFromPositionedObjects):
(WebCore::RenderBlock::layoutBlockChildren):
(WebCore::RenderBlock::layoutPositionedObjects):
(WebCore::RenderBlock::markPositionedObjectsForLayout):
(WebCore::clipOutPositionedObjects):
(WebCore::RenderBlock::selectionGaps):
(WebCore::RenderBlock::insertIntoTrackedRendererMaps):
(WebCore::RenderBlock::removeFromTrackedRendererMaps):
(WebCore::RenderBlock::positionedObjects):
(WebCore::RenderBlock::insertPositionedObject):
(WebCore::RenderBlock::removePositionedObject):
(WebCore::RenderBlock::removePositionedObjects):
(WebCore::RenderBlock::addPercentHeightDescendant):
(WebCore::RenderBlock::removePercentHeightDescendant):
(WebCore::RenderBlock::percentHeightDescendants):
(WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
* rendering/RenderBlock.h:
(WebCore):
(RenderBlock):
(WebCore::RenderBlock::hasPositionedObjects):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists):
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::moveChildTo): Changing the fixme to reflect the assumption that the caller
has taken care of updating the positioned renderer maps is a decision not a bug. The ASSERT should help
assure this.
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::layoutRows):
* rendering/RenderView.cpp:
(WebCore::RenderView::setFixedPositionedObjectsNeedLayout):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125315
2012-08-10 Abhishek Arya <inferno@chromium.org>
Crash on accessing a removed layout root in FrameView::scheduleRelayout.
https://bugs.webkit.org/show_bug.cgi?id=91368
Reviewed by Levi Weintraub.
We were calling setNeedsLayoutAndPrefWidthsRecalc() in RenderBlock::collapseAnonymousBoxChild
even when documentBeingDestroyed() was true. This ends up accessing stale layout root and bypasses
mitigation added in r109406. There is no need to waste time merging up anonymous blocks in
RenderBlock::removeChild when documentBeingDestroyed() is true.
No new tests. The test is time sensitive, requires a bunch of reloads, and only reproduces on chromium linux.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::collapseAnonymousBoxChild):
(WebCore::RenderBlock::removeChild):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125237
2012-08-09 MORITA Hajime <morrita@google.com>
https://bugs.webkit.org/show_bug.cgi?id=93587
Node::replaceChild() can create bad DOM topology with MutationEvent, Part 2
Reviewed by Kent Tamura.
This is a followup of r124156. replaceChild() has yet another hidden
MutationEvent trigger. This change added a guard for it.
Test: fast/events/mutation-during-replace-child-2.html
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::replaceChild):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125234
2012-08-09 Julien Chaffraix <jchaffraix@webkit.org>
Crash in WebCore::RenderTable::cellBefore
https://bugs.webkit.org/show_bug.cgi?id=91160
Reviewed by Abhishek Arya.
The issue was that we wouldn't properly set the row index on row in a newly split table. When inserting
the cell into the new row, we would try to repaint the cell which would access the row index and crash.
This came from splitAnonymousBoxesAroundChild calling RenderObjectChildList::insertChildNode directly
which doesn't invoke the row setting logic (RenderTableSection::addChild for example but we cannot call
addChild due to concern over splitting flows in the general case).
Test: fast/table/split-anonymous-boxes-around-table-repaint-crash.html
* rendering/RenderBox.cpp:
(WebCore::RenderBox::splitAnonymousBoxesAroundChild):
Dirty our parent box, which forces a cell recomputation which will set the row index. This needs to
be done *before* we insert the child to avoid crashing when repainting the new child.
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125162
2012-08-09 MORITA Hajime <morrita@google.com>
DOMCharacterDataModified should not be fired inside shadows
https://bugs.webkit.org/show_bug.cgi?id=93427
Reviewed by Ryosuke Niwa.
CharacterData::dispatchModifiedEvent() fires DOMCharacterDataModified event even if
the node is in shadow. But it shouldn't. Check dispatchChildInsertionEvents() and
dispatchChildRemovalEvents() to see how other MutationEvents are suppressed behind shadows.
This change follows the same path to suppress DOMCharacterDataModified.
Tests: fast/dom/shadow/suppress-mutation-events-in-shadow-characterdata.html
fast/forms/textarea-and-mutation-events-appending-text.html
* dom/CharacterData.cpp:
(WebCore::CharacterData::dispatchModifiedEvent):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125147
2012-08-08 MORITA Hajime <morrita@google.com>
[SVG] load events shouldn't be fired during Node::insrtedInto()
https://bugs.webkit.org/show_bug.cgi?id=92969
Reviewed by Ryosuke Niwa.
Event dispatches during insertedInto() allow event handlers to
break DOM tree cosistency. This chagne makes them async for load
events which are dispatched during insertedInto() call. This
prevents event handlers from breaking tree consistency while the
notification traversal.
Test: svg/custom/loadevents-async.html
* svg/SVGElement.cpp:
(WebCore::SVGElement::sendSVGLoadEventIfPossibleAsynchronously): Added.
(WebCore):
(WebCore::SVGElement::svgLoadEventTimerFired): Added.
(WebCore::SVGElement::svgLoadEventTimer):
- Added a stub. Implemented in SVGScriptElement, SVGStopElement, SVGUseElement
where the load event happens.
* svg/SVGElement.h:
(SVGElement):
* svg/SVGExternalResourcesRequired.cpp:
(WebCore::SVGExternalResourcesRequired::insertedIntoDocument):
- Replaces event dispatch call with async version.
* svg/SVGScriptElement.h:
* svg/SVGStyleElement.h:
* svg/SVGUseElement.h:
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125091
2012-08-08 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=92275
Need a way to get a snapshot image that does not show the selection
-and corresponding-
<rdar://problem/11956802>
Reviewed by Anders Carlsson.
New function FrameView::paintContentsForSnapshot() has the option to
exclude selection from the snapshot.
Export new function
* WebCore.exp.in:
Clear the selection from the RenderView when selection is to be excluded. Restore
all of this information via FrameSelection::updateAppearance() after calling
paintContents().
* page/FrameView.cpp:
(WebCore::FrameView::paintContentsForSnapshot):
(WebCore):
* page/FrameView.h:
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r125052
2012-08-08 Tom Sepez <tsepez@chromium.org>
Video element image loader must persist after element detach.
https://bugs.webkit.org/show_bug.cgi?id=90801
Reviewed by Eric Carlson.
We rely on the OwnPtr in the element to cleanup the loader.
Test: fast/dom/beforeload/remove-video-poster-in-beforeload-listener.html
* html/HTMLVideoElement.cpp:
(WebCore):
* html/HTMLVideoElement.h:
(HTMLVideoElement):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r124924
2012-08-07 Anders Carlsson <andersca@apple.com>
Knob slot animation is flipped
https://bugs.webkit.org/show_bug.cgi?id=93396
Reviewed by Beth Dakin.
When painting the scrollbar knob slot, use rectForPart: since it correctly takes the expansion transition state into account.
* platform/mac/ScrollbarThemeMac.mm:
(WebCore::scrollbarPainterPaint):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r124919
2012-08-07 Adrienne Walker <enne@google.com>
50% fixed position coverage slow scroll heuristic is incorrect when invalidations aren't clipped
https://bugs.webkit.org/show_bug.cgi?id=92011
Reviewed by Simon Fraser.
The heuristic in scrollContentsFastPath to slow scroll by invalidating
the entire frame if fixed position elements cover 50% of the frame
takes away the ability of ports to make their own decisions about how
to best handle invalidations. Therefore, remove this heuristic.
* page/FrameView.cpp:
(WebCore::FrameView::scrollContentsFastPath):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r124914
2012-08-07 Abhishek Arya <inferno@chromium.org>
Crash in ContainerNode::cloneChildNodes.
https://bugs.webkit.org/show_bug.cgi?id=93378
Reviewed by Levi Weintraub.
Re-enabling the editing delete button controller in cloneChildNode was causing style changes,
thereby causing load events to fire. The load event can blow our nodes from underneath. This causes
crashes when we are nested inside cloneChildNodes. The patch just skips the delete button controller's
container element from being cloned and removes the hacky enable/disable logic.
Test: fast/dom/clone-node-load-event-crash.html
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::cloneChildNodes):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r124888
2012-08-07 Abhishek Arya <inferno@chromium.org>
Crash in InlineFlowBox::deleteLine.
https://bugs.webkit.org/show_bug.cgi?id=88795
Reviewed by Tony Chang.
When we move the fullscreen object from its parent to RenderFullScreen, we forgot to clear the
line box tree underneath the object's containing block and mark it for layout. Before the patch,
the containing block never got laid out and maintained references to removed line boxes (since the
object moved under RenderFullScreen did get laid out and its lineboxes replaced with new ones).
Test: fullscreen/full-screen-line-boxes-crash.html
* rendering/RenderFullScreen.cpp:
(RenderFullScreen::wrapRenderer):
2012-11-05 Lucas Forschler <lforschler@apple.com>
Merge r124843
2012-08-06 Shinya Kawanaka <shinyak@chromium.org>
Crash in GenericEventQueue::timerFired since the owner of GenericEventQueue is deleted during dispatching events.
https://bugs.webkit.org/show_bug.cgi?id=92946
Reviewed by Eric Carlson.
In GenericEventQueue::timerFired(), the owner of GenericEventQueue might be deleted.
We have to protect the owner of GenericEventQueue during dispatching events.
Test: media/event-queue-crash.html
* dom/GenericEventQueue.cpp:
(WebCore::GenericEventQueue::timerFired): Added a protection.
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124776
2012-08-06 Abhishek Arya <inferno@chromium.org>
Crash in FrameLoader::stopAllLoaders.
https://bugs.webkit.org/show_bug.cgi?id=90805
Reviewed by Nate Chapin.
Calling m_provisionalDocumentLoader->stopLoading() can blow away the frame
from underneath. Protect it with a RefPtr.
No new tests. We don't have a reliable testcase to reproduce this. However,
the crash and free stack from ClusterFuzz point clearly at the bug.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::stopAllLoaders):
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124733
2012-08-05 Philip Rogers <pdr@google.com>
Fix assertion during detach of SVG wrappers without baseVal
https://bugs.webkit.org/show_bug.cgi?id=93063
Reviewed by Nikolas Zimmermann.
r131583 introduced a change where SVGAnimatedListPropertyTearOff required
a baseVal to be set before detaching wrappers. This caused an assertion
to be hit if no baseVal was set.
This patch changes this behavior so that wrappers are detached even if
no baseVal is set.
Test: svg/animations/dynamic-modify-transform-without-baseval.html
* svg/properties/SVGAnimatedListPropertyTearOff.h:
(WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
* svg/properties/SVGListProperty.h:
(WebCore::SVGListProperty::detachListWrappersAndResize): Extracted this static method for detaching wrappers without needing an SVGListProperty.
(SVGListProperty):
(WebCore::SVGListProperty::detachListWrappers):
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124681
2012-08-03 Florin Malita <fmalita@chromium.org>
[SVG] Tref target event listener cleanup
https://bugs.webkit.org/show_bug.cgi?id=93004
Reviewed by Abhishek Arya.
Currently SVGTRefElement allocates event listeners dynamically as it attaches to its
targets. Synchronizing the lifetime of the target listener vs. the tref element is
error prone, as various events can stack and trigger nested handlers.
In order to reduce complexity and address a couple of outstanding issues, this patch
changes the way event listeners are allocated: only one target listener is created
for the lifetime of the SVGTRefElement, and gets reused if the target element changes.
Test: svg/custom/tref-nested-events-crash.svg
* dom/EventListener.h:
Added new <tref> target event listener type.
* svg/SVGTRefElement.cpp:
(WebCore):
(WebCore::SVGTRefTargetEventListener::create):
(WebCore::SVGTRefTargetEventListener::cast):
(SVGTRefTargetEventListener):
(WebCore::SVGTRefTargetEventListener::isAttached):
(WebCore::SVGTRefTargetEventListener::SVGTRefTargetEventListener):
(WebCore::SVGTRefTargetEventListener::attach):
(WebCore::SVGTRefTargetEventListener::detach):
(WebCore::SVGTRefTargetEventListener::operator==):
(WebCore::SVGTRefTargetEventListener::handleEvent):
No need to check m_trefElement anymore - the listener is allocated for the whole element
lifetime, detached when the element is removed and deallocated when the element is
destroyed.
(WebCore::SVGTRefElement::SVGTRefElement):
Allocate one target listener per element, at construction time.
(WebCore::SVGTRefElement::~SVGTRefElement):
Detach the listener if necessary.
(WebCore::SVGTRefElement::detachTarget):
Check whether the element is still in document after updating the text (may have been
removed by event handlers).
(WebCore::SVGTRefElement::buildPendingResource):
Attach the event listener before updating the text content to avoid racing with event
handlers (which can remove the element).
(WebCore::SVGTRefElement::removedFrom):
* svg/SVGTRefElement.h:
(WebCore):
(SVGTRefElement):
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124654
2012-08-03 Dan Bernstein <mitz@apple.com>
<rdar://problem/12005188> REGRESSION (Safari 5.1 - 6): Cannot correctly display Traditional Mongolian Script
https://bugs.webkit.org/show_bug.cgi?id=92864
Reviewed by Sam Weinig.
Test: platform/mac/fast/text/combining-character-sequence-vertical.html
* platform/graphics/SimpleFontData.cpp:
(WebCore::SimpleFontData::glyphForCharacter): Added this helper function.
* platform/graphics/SimpleFontData.h:
(SimpleFontData): Declared glyphDataForCharacter.
* platform/graphics/mac/FontComplexTextMac.cpp:
(WebCore::Font::fontDataForCombiningCharacterSequence): Added logic to use the appropriate
variant of each font in the fallback list, which mimcs the equivalent logic in
glyphDataAndPageForCharacter().
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124645
2012-08-03 Anna Cavender <annacc@chromium.org>
Negative timestamps for TextTrackCues should not be allowed.
https://bugs.webkit.org/show_bug.cgi?id=92939
Reviewed by Eric Carlson.
Make sure cues added in JavaScript are not allowed negative timestamps.
Attempting to add a cue with a negative timestamp is not successful
and setting a timestamp to a negative value has no effect.
Test: media/track/track-cue-negative-timestamp.html
* html/track/TextTrack.cpp:
(WebCore::TextTrack::addCue): If the cue's startTime or endTime is
negative, do not add the cue.
* html/track/TextTrackCue.cpp:
(WebCore::TextTrackCue::setStartTime): Ignore negative values.
(WebCore::TextTrackCue::setEndTime): Ignore negative values.
* html/track/TextTrackCueList.cpp:
(WebCore::TextTrackCueList::add): Add ASSERTs to check startTime and
endTime are positive.
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124631
2012-08-03 Stephen Chenney <schenney@chromium.org>
Crash when a clip path referencing a clip path changes documents
https://bugs.webkit.org/show_bug.cgi?id=93023
Reviewed by Dirk Schulze.
The SVGClipPathElement is set to not need pending resource handling,
when in fact it can have pending resources. The result is a crash when
the element is moved to a new document (which deletes all resources
and leaves them pending) and then immediately deleted (which asserts
that there are no pending resources). There is code to remove pending
resources upon deletion and removal from the DOM, but it was not
executing for clips because of the aforementioned code claiming that
clips don't require such handling.
The assertion that there be no pending resources is necessary to
prevent caches of pending resources from trying to access the deleted
element.
This change removes the check for needsPendingResourceHandling in
SVGStyledElement upon deletion and removal from the DOM. Pending resources
will always be checked in such cases to ensure we do not introduce
security issues.
Test: svg/custom/clip-path-document-change-assert.html
* svg/SVGStyledElement.cpp:
(WebCore::SVGStyledElement::~SVGStyledElement): Removed needsPendingResourceHandling in the conditional to clean up resources.
(WebCore::SVGStyledElement::removedFrom): Removed needsPendingResourceHandling in the conditional to clean up resources.
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124626
2012-07-20 Jon Lee <jonlee@apple.com>
Crash in Notification when setting a non-object as an event listener (91881)
https://bugs.webkit.org/show_bug.cgi?id=91881
<rdar://problem/11923341>
Reviewed by Oliver Hunt.
Check to make sure that the value being retrieved is an object. This is similar
to the isObject() check done in the bindings code.
Test: fast/notifications/notifications-event-listener-crash.html
* bindings/js/Dictionary.h:
(WebCore::Dictionary::getEventListener):
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124588
2012-08-03 Adam Barth <abarth@webkit.org>
WebCore::DragController::cleanupAfterSystemDrag should null-check page
https://bugs.webkit.org/show_bug.cgi?id=61815
Reviewed by Eric Seidel.
* page/DragController.cpp:
(WebCore::DragController::dragEnteredOrUpdated):
(WebCore::DragController::doSystemDrag):
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124580
2012-08-03 Abhishek Arya <inferno@chromium.org>
Regression(r124564): Wrong inlineChildrenBlock->hasLayer() computed in RenderBlock::removeChild.
https://bugs.webkit.org/show_bug.cgi?id=90800
Reviewed by Eric Seidel.
r124564 reversed the sequence of setStyle and removeChildNode calls, but failed to cache the value
of inlineChildrenBlock->hasLayer(). So, it will be null when the layer is removed from parent in setStyle.
Fixed by the caching the bool value.
Covered by existing test fast/block/layer-not-removed-from-parent-crash.html.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124564
2012-08-02 Abhishek Arya <inferno@chromium.org>
Crash due to layer not removed from parent for anonymous block.
https://bugs.webkit.org/show_bug.cgi?id=90800
Reviewed by Kent Tamura.
Reverse the order of setStyle and removeChildNode calls. This ensures that setting the style
properly removes its layer from the parent in RenderBoxModelObject::styleDidChange. Calling
removeChildNode before calling setStyle is problematic since the parent layer never gets
notified.
Test: fast/block/layer-not-removed-from-parent-crash.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124556
2012-08-02 Kent Tamura <tkent@chromium.org>
Fix crashes for <input> and <textarea> with display:run-in.
https://bugs.webkit.org/show_bug.cgi?id=87300
Reviewed by Abhishek Arya.
Introduce RenderObject::canBeReplacedWithInlineRunIn, and renderers which
should not be run-in override it so that it returns false.
Test: fast/runin/input-text-runin.html
fast/runin/textarea-runin.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::moveRunInUnderSiblingBlockIfNeeded):
Checks canBeReplacedWithInlineRunIn instead of checking tag names.
* rendering/RenderFileUploadControl.cpp:
(WebCore::RenderFileUploadControl::canBeReplacedWithInlineRunIn):
Added. Disallow run-in.
* rendering/RenderFileUploadControl.h:
(RenderFileUploadControl): Declare canBeReplacedWithInlineRunIn.
* rendering/RenderListBox.cpp:
(WebCore::RenderListBox::canBeReplacedWithInlineRunIn):
Added. Disallow run-in. This is not a behavior change.
* rendering/RenderListBox.h:
(RenderListBox): Declare canBeReplacedWithInlineRunIn.
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::canBeReplacedWithInlineRunIn):
Added. Disallow run-in. This is not a behavior change.
* rendering/RenderMenuList.h:
(RenderMenuList): Declare canBeReplacedWithInlineRunIn.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::canBeReplacedWithInlineRunIn):
Added. Allow run-in by default.
* rendering/RenderObject.h:
(RenderObject): Declare canBeReplacedWithInlineRunIn.
* rendering/RenderProgress.cpp:
(WebCore::RenderProgress::canBeReplacedWithInlineRunIn):
Added. Disallow run-in. This is not a behavior change.
* rendering/RenderProgress.h:
(RenderProgress): Declare canBeReplacedWithInlineRunIn.
* rendering/RenderSlider.cpp:
(WebCore::RenderSlider::canBeReplacedWithInlineRunIn):
Added. Disallow run-in.
* rendering/RenderSlider.h:
(RenderSlider): Declare canBeReplacedWithInlineRunIn.
* rendering/RenderTextControl.cpp:
(WebCore::RenderTextControl::canBeReplacedWithInlineRunIn):
Added. Disallow run-in.
* rendering/RenderTextControl.h:
(RenderTextControl): Declare canBeReplacedWithInlineRunIn.
2012-11-02 Lucas Forschler <lforschler@apple.com>
Merge r124520
2012-08-02 Ryosuke Niwa <rniwa@webkit.org>
scripts in formaction should be stripped upon paste
https://bugs.webkit.org/show_bug.cgi?id=92298
Reviewed by Eric Seidel.
Strip formaction attribute values when the URL is of javascript protocol.
Test: editing/pasteboard/paste-noscript-xhtml.html
editing/pasteboard/paste-noscript.html
* dom/Element.cpp:
(WebCore::isAttributeToRemove): Explicitly compare with href and nohref instead of comparing
the ends of strings since comparing two AtomicString is much faster.
2012-11-01 Lucas Forschler <lforschler@apple.com>
Merge r124491
2012-08-02 Abhishek Arya <inferno@chromium.org>
No isChildAllowed checked when adding RenderFullScreen as the child..
https://bugs.webkit.org/show_bug.cgi?id=92995
Reviewed by Eric Seidel.
Test: fullscreen/fullscreen-child-not-allowed-crash.html
* dom/Document.cpp:
(WebCore::Document::webkitWillEnterFullScreenForElement): pass the object's parent
pointer as an additional argument.
* dom/NodeRenderingContext.cpp:
(WebCore::NodeRendererFactory::createRendererIfNeeded): pass the to be parent |parentRenderer|
as the argument.
* rendering/RenderFullScreen.cpp:
(RenderFullScreen::wrapRenderer): make sure that parent allows RenderFullScreen as the child.
* rendering/RenderFullScreen.h:
(RenderFullScreen): support the object's parent
pointer as an additional argument.
2012-11-01 Lucas Forschler <lforschler@apple.com>
Merge r124258
2012-07-31 Luke Macpherson <macpherson@chromium.org>
Heap-use-after-free in WebCore::StyleResolver::loadPendingImage
https://bugs.webkit.org/show_bug.cgi?id=92606
Reviewed by Abhishek Arya.
Changes StyleResolver's m_pendingImageProperties set to a map, such that for each property we keep
a RefPtr to the CSSValue used to set that property. This ensures that CSSValues are not freed before
they are needed by loadPendingImage.
Test: fast/css/variables/deferred-image-load-from-variable.html
* css/StyleResolver.cpp:
* css/StyleResolver.h:
2012-11-01 Lucas Forschler <lforschler@apple.com>
Merge r124156
2012-07-30 MORITA Hajime <morrita@google.com>
Node::replaceChild() can create bad DOM topology with MutationEvent
https://bugs.webkit.org/show_bug.cgi?id=92619
Reviewed by Ryosuke Niwa.
Node::replaceChild() calls insertBeforeCommon() after dispatching
a MutationEvent event for removeChild(). But insertBeforeCommon()
expects call sites to check the invariant and doesn't have
suffient check. So a MutationEvent handler can let some bad tree
topology to slip into insertBeforeCommon().
This change adds a guard for checking the invariant using
checkReplaceChild() between removeChild() and insertBeforeCommon().
Test: fast/events/mutation-during-replace-child.html
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::replaceChild): Added a guard.
2012-11-01 Lucas Forschler <lforschler@apple.com>
Merge r124089
2012-07-30 Andreas Kling <kling@webkit.org>
REGRESSION(r123636): Heap-use-after-free in StyleResolver::collectMatchingRules.
<http://webkit.org/b/92430>
Reviewed by Antti Koivisto.
Don't hold on to a reference to StyledElement::classNames() as that may become
invalid after mutating the element's attribute data.
In this case it was happening below Element::hasAttributes() which is unfortunately
naive enough to always serialize lazy attributes. That is a minor inefficiency that
can be addressed in a separate patch.
Covered by valgrind on existing tests.
* css/StyleResolver.cpp:
(WebCore::StyleResolver::collectMatchingRules):
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r123131
2012-07-19 Raymond Toy <rtoy@google.com>
Limit maximum delay of DelayNode.
https://bugs.webkit.org/show_bug.cgi?id=91675
Reviewed by Kenneth Russell.
Clip the maximum delay of a DelayNode to a reasonable maximum.
Test: webaudio/delaynode-maxdelaylimit.html
* Modules/webaudio/DelayNode.cpp:
(WebCore): Add maximumAllowedDelayTime.
(WebCore::DelayNode::DelayNode): Clip max delay.
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r123128
2012-07-19 Douglas Stockwell <dstockwell@google.com>
Crash in WebCore::StyleResolver::collectMatchingRulesForList
https://bugs.webkit.org/show_bug.cgi?id=90803
Reviewed by Andreas Kling.
When a ProcessingInstruction was removed from the document the owner
was removed, but the style resolver was not guaranteed to be updated.
It was then possible for an inconsistent version of the stylesheet to
remain visible in the DOM. Fixed by removing an invalid condition and
mirroring the logic from StyleElement.
Test: fast/css/xml-stylesheet-removed.xhtml
* dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::removedFrom): Mirror the logic from
StyleElement -- always update the style resolver.
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r123062
2012-07-18 Julien Chaffraix <jchaffraix@webkit.org>
Crash in RenderTableSection::addCell.
http://webkit.org/b/89496
Reviewed by Abhishek Arya.
The issue comes from RenderBox::splitAnonymousBoxesAroundChild that would move sections
across tables but didn't force the table to do a synchronous section recalc. This opened
the way for race conditions where we would query the table column structure while it's dirty
(this is not uncommon but as usually the table's column representation is always bigger or
more split than a section's, it's usually harmless).
The fix is to force a synchronous section recalc.
Test: fast/table/split-table-no-section-update-crash.html
* rendering/RenderBox.cpp:
(WebCore::markBoxForRelayoutAfterSplit):
Changed to call forceSectionsRecalc ie force a section recalc.
* rendering/RenderTable.cpp:
(WebCore::RenderTable::recalcSections):
Added missing ASSERT for unneeded calls.
* rendering/RenderTable.h:
(WebCore::RenderTable::forceSectionsRecalc):
Added this helper function.
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r122755
2012-07-16 Florin Malita <fmalita@chromium.org>
SVGAnimationElement::currentValuesForValuesAnimation crash
https://bugs.webkit.org/show_bug.cgi?id=91326
Reviewed by Simon Fraser.
SVGSMILElement::progress() assumes that seekToIntervalCorrespondingToTime() always
lands inside a defined interval, but one can force arbitrary time offsets using
setCurrentTime(). This patch adds logic for handling non-interval time offsets
gracefully.
Test: svg/animations/smil-setcurrenttime-crash.svg
* svg/animation/SVGSMILElement.cpp:
(WebCore::SVGSMILElement::progress):
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r122278
2012-07-10 Philip Rogers <pdr@google.com>
Crash due to SVG animation element not removed from target (before reset)
https://bugs.webkit.org/show_bug.cgi?id=90750
Reviewed by Abhishek Arya.
Previously we were not removing an animation element from
SVGDocumentExtensions::m_animatedElements which led to a crash.
This change properly removes animation elements in resetTargetElement
which both fixes this bug and will prevent others from hitting it in
the future.
Test: svg/animations/dynamic-modify-attributename-crash2.svg
* svg/SVGDocumentExtensions.cpp:
(WebCore::SVGDocumentExtensions::removeAllAnimationElementsFromTarget):
removeAllAnimationElementsFromTarget now adds all the animation elements
to a vector and iterates over it because the changes to resetTargetElement
would have caused us to modify the underlying hashset as we iterated. Note that
before we deleted animationElementsForTarget in removeAllAnimationElementsFromTarget
but that logic is now handled in removeAnimationElementFromTarget which is called
during resetTargetElement.
* svg/animation/SVGSMILElement.cpp:
(WebCore::SVGSMILElement::removedFrom):
Because of the changes in resetTargetElement, removedFrom was able to be
refactored. This patch changes removedFrom to call resetTargetElement rather
than have duplicated logic. There is a very small change in logic here:
animationAttributeChanged() is now called in removedFrom().
(WebCore::SVGSMILElement::resetTargetElement):
resetTargetElement now fully resets the target, including removing it from
m_animatedElements. This will prevent future instances of this bug.
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r121930
2012-07-05 Hayato Ito <hayato@chromium.org>
[Crash] Click an element which will be 'display: none' on focus.
https://bugs.webkit.org/show_bug.cgi?id=90516
Reviewed by Hajime Morita.
EventHandler::handleMousePressEventSingleClick checks whether
innerNode has a renderer in the beginning of the function. But
the renderer may disappear in the middle of the function since its
style has just become 'display:none'. As a result, it touches null renderer
in EventHandler.cpp:517:
VisiblePosition visiblePos(innerNode->renderer()->positionForPoint(event.localPoint()));
In the case of 'display:none', we don't have to continue. So call
updateLayoutIgnorePendingStylesheets() in the beginning so that we
can early exit and do not touch null renderer.
Test: fast/events/display-none-on-focus-crash.html
* page/EventHandler.cpp:
(WebCore::EventHandler::handleMousePressEventSingleClick):
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r121491
2012-06-28 Philip Rogers <pdr@google.com>
Prevent crash in animate resource handling
https://bugs.webkit.org/show_bug.cgi?id=90042
Reviewed by Abhishek Arya.
This patch adds a check that we are in a document before registering animation
resources and creating a target element in SVGSMILElement. This prevents a crash where
we would register resources and create the target when we were not in a document
but fail to deregister / reset the target when we were removed from a document.
In failing to reset the target, we can crash when trying to deregister resources that
were not created after being inserted into a document and then removed.
The existence of m_targetResources and registered animation resources is now
tied to being in a document.
Test: svg/custom/animate-reference-crash.html
* svg/animation/SVGSMILElement.cpp:
(WebCore::SVGSMILElement::targetElement):
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r121003
2012-06-21 Ryosuke Niwa <rniwa@webkit.org>
LabelsNodeList isn't updated properly after its owner node is adopted into a new document
https://bugs.webkit.org/show_bug.cgi?id=89730
Reviewed by Darin Adler.
When a node is adopted, node lists that are invalidated at document level need to be unregistered
from old document and registered to new document so that DOM mutations in new document will invalidate
caches in the node lists. Done that in NodeListsNodeData::adoptTreeScope, which was extracted from
TreeScopeAdopter::moveTreeToNewScope.
Also renamed DynamicNodeList::node() and m_node to rootNode() and m_ownerNode to better express
their semantics and added ownerNode() to make m_ownerNode private to DynamicNodeList.
Test: fast/forms/label/labels-owner-node-adopted.html
* bindings/js/JSNodeListCustom.cpp:
(WebCore::JSNodeListOwner::isReachableFromOpaqueRoots):
* dom/ChildNodeList.cpp:
(WebCore::ChildNodeList::~ChildNodeList):
(WebCore::ChildNodeList::length):
(WebCore::ChildNodeList::item):
(WebCore::ChildNodeList::nodeMatches):
* dom/ClassNodeList.cpp:
(WebCore::ClassNodeList::ClassNodeList):
(WebCore::ClassNodeList::~ClassNodeList):
* dom/DynamicNodeList.cpp:
(WebCore::DynamicSubtreeNodeList::length):
(WebCore::DynamicSubtreeNodeList::itemForwardsFromCurrent):
(WebCore::DynamicSubtreeNodeList::itemBackwardsFromCurrent):
(WebCore::DynamicSubtreeNodeList::item):
(WebCore::DynamicNodeList::itemWithName):
* dom/DynamicNodeList.h:
(WebCore::DynamicNodeList::DynamicNodeList):
(WebCore::DynamicNodeList::ownerNode):
(WebCore::DynamicNodeList::rootedAtDocument):
(WebCore::DynamicNodeList::shouldInvalidateOnAttributeChange):
(WebCore::DynamicNodeList::rootNode):
(WebCore::DynamicNodeList::document):
(DynamicNodeList):
* dom/NameNodeList.cpp:
(WebCore::NameNodeList::~NameNodeList):
* dom/NodeRareData.h:
(WebCore::NodeListsNodeData::adoptTreeScope):
(NodeListsNodeData):
* dom/TagNodeList.cpp:
(WebCore::TagNodeList::~TagNodeList):
* dom/TreeScopeAdopter.cpp:
(WebCore::TreeScopeAdopter::moveTreeToNewScope):
* html/LabelsNodeList.cpp:
(WebCore::LabelsNodeList::~LabelsNodeList):
(WebCore::LabelsNodeList::nodeMatches):
* html/RadioNodeList.cpp:
(WebCore::RadioNodeList::~RadioNodeList):
(WebCore::RadioNodeList::checkElementMatchesRadioNodeListFilter):
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r121001
2012-06-21 Abhishek Arya <inferno@chromium.org>
Crash in RenderBlock::layoutPositionedObjects.
https://bugs.webkit.org/show_bug.cgi?id=89599
Reviewed by Julien Chaffraix.
Test: fast/table/table-split-positioned-object-crash.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::splitBlocks): no longer need to explicitly call
removePositionedObjects, since it is part of moveChildrenTo.
* rendering/RenderBlock.h:
(WebCore::RenderBlock::hasPositionedObjects): helper to tell if we have
positioned objects in our list.
* rendering/RenderBox.cpp:
(WebCore::RenderBox::splitAnonymousBoxesAroundChild): Like r102263, this
condition was wrong and while moving children across completely different
trees, we need fullRemoveInsert as true.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::moveChildTo): see code comment.
(WebCore::RenderBoxModelObject::moveChildrenTo): see code comment.
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r118249
2012-05-23 Abhishek Arya <inferno@chromium.org>
Crash in run-ins with continuations while moving back to original position.
https://bugs.webkit.org/show_bug.cgi?id=87264
Reviewed by Julien Chaffraix.
Run-in that are now placed in sibling block can break up into continuation
chains when new children are added to it. We cannot easily send them back to their
original place since that requires writing integration logic with RenderInline::addChild
and all other places that might cause continuations to be created (without blowing away
|this|). Disabling this feature for now to prevent crashes.
Test: fast/runin/runin-continuations-crash.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::moveRunInToOriginalPosition):
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r117971
2012-05-22 Nikolas Zimmermann <nzimmermann@rim.com>
Crash in WebCore::RenderSVGContainer::paint
https://bugs.webkit.org/show_bug.cgi?id=86392
Reviewed by Rob Buis.
Modernize the <marker> code, switch to the same design pattern used for handling zero-length subpaths.
Decouple the generation of the marker start/mid/end positions from the actual usage of these information.
Only generate those marker positions if the underlying Path changes, and never else.
When figuring out the bounds for a shape, access to current set of RenderSVGResourceMarker start/mid/end resources
and ask the marker resources for their bounds using the previously figured out marker positions on the Path.
Drawing markers is handled in the same way.
Remove SVGMarkerLayoutInfo alltogether which stored raw pointers to the RenderSVGResourceMarkers.
We assumed that those objects would stay alive from layout() to paint(), but that assumption is wrong.
Tests: svg/custom/bug86392.html
svg/custom/marker-zero-length-linecaps-expected.svg
svg/custom/marker-zero-length-linecaps.svg
* CMakeLists.txt: Remove SVGMarkerLayoutInfo.*.
* GNUmakefile.list.am: Ditto.
* Target.pri: Ditto.
* WebCore.gypi: Ditto.
* WebCore.order: Ditto.
* WebCore.vcproj/WebCore.vcproj: Ditto.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* rendering/svg/RenderSVGAllInOne.cpp: Ditto.
* rendering/svg/RenderSVGShape.cpp: Handle markers just like the existing zero leng subpath code, which is superior.
(WebCore::RenderSVGShape::createShape):
(WebCore::RenderSVGShape::layout):
(WebCore::RenderSVGShape::shouldGenerateMarkerPositions):
(WebCore::RenderSVGShape::paint):
(WebCore::markerForType):
(WebCore::RenderSVGShape::markerRect):
(WebCore::RenderSVGShape::inflateWithStrokeAndMarkerBounds):
(WebCore::RenderSVGShape::drawMarkers):
(WebCore::RenderSVGShape::processMarkerPositions):
* rendering/svg/RenderSVGShape.h:
(RenderSVGShape):
* rendering/svg/SVGMarkerData.h:
(WebCore::MarkerPosition::MarkerPosition):
(MarkerPosition):
(WebCore::SVGMarkerData::SVGMarkerData):
(WebCore::SVGMarkerData::updateFromPathElement):
(WebCore::SVGMarkerData::pathIsDone):
(SVGMarkerData):
(WebCore::SVGMarkerData::currentAngle):
* rendering/svg/SVGMarkerLayoutInfo.cpp: Removed.
* rendering/svg/SVGMarkerLayoutInfo.h: Removed.
* rendering/svg/SVGResourcesCache.cpp:
(WebCore::resourcesCacheFromRenderObject):
(WebCore::SVGResourcesCache::cachedResourcesForRenderObject):
* rendering/svg/SVGResourcesCache.h:
(SVGResourcesCache):
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r117865
2012-05-21 Abhishek Arya <inferno@chromium.org>
Regression(r117482): Run-in crashes relating to generated content and inline line box clearing.
https://bugs.webkit.org/show_bug.cgi?id=86879
Reviewed by Julien Chaffraix.
Tests: fast/runin/generated-content-crash.html
fast/runin/move-run-in-original-position-crash.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks): Use the new helper
placeRunInIfNeeded. Do not place the run-in if it is a generated container since
the caller such as updateBeforeAfterContent might be keeping a reference to it
and adding children to it later.
(WebCore::destroyRunIn): Add ability to clear line box tree for inlines.
(WebCore::RenderBlock::placeRunInIfNeeded): Helper to place run-in. Add an
argument to not modify generated content during addChild, it should be moved
only at end of updateBeforeAfterContent.
(WebCore::RenderBlock::moveRunInUnderSiblingBlockIfNeeded):
(WebCore::RenderBlock::runInIsPlacedIntoSiblingBlock): helper to tell if this run-in
is actually placed into the next sibling block.
(WebCore::RenderBlock::moveRunInToOriginalPosition):
* rendering/RenderInline.cpp:
(WebCore::RenderInline::deleteLineBoxTree): like RenderBlock, add a helper
for deleteLineBoxTree. Virtualizing this might not be good, since this is
the only call site for inline line box tree clearing and RenderBlock::deleteLineBoxTree
is called a lot.
* rendering/RenderObjectChildList.cpp:
(WebCore::createRendererForBeforeAfterContent): fix a typo.
(WebCore::RenderObjectChildList::updateBeforeAfterContent): If insertBefore is equal
to the intruded run-in, then set it to next sibling so that new child will come after it. At
the end, place the generatedContainer if it is a run-in.
2012-10-31 Lucas Forschler <lforschler@apple.com>
Merge r117482
2012-05-17 Abhishek Arya <inferno@chromium.org>
Move run-in handling to addChild, instead of in layout.
https://bugs.webkit.org/show_bug.cgi?id=86387
Reviewed by Julien Chaffraix.
Tests: fast/runin/insert-before-run-in.html
fast/runin/run-in-after-run-in.html
fast/runin/run-in-parent-add-child.html
fast/runin/run-in-parent-block-child-add-and-intrude.html
fast/runin/run-in-parent-block-child-add.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks): handle run-ins here
instead of layout. We do run-in handling when we see a new child with run-in display
or add a new block whose previous sibling is run-in.
(WebCore::RenderBlock::makeChildrenNonInline): if we will have block children, need
to move run-in back to its original position.
(WebCore::RenderBlock::handleSpecialChild): no longer need to handle run-ins during layout.
(WebCore::destroyRunIn): helper to destroy a block or inline run-in.
(WebCore):
(WebCore::RenderBlock::createReplacementRunIn): helper to create the new replacement run-in.
For moveRunInUnderSiblingBlockIfNeeded, it will be used to create a new inline run-in
that goes into the next sibling block. For moveRunInToOriginalPosition, it creates a new
block run-in that goes back to where it came from.
(WebCore::RenderBlock::moveRunInUnderSiblingBlockIfNeeded): almost same as previous
handleRunInChild function, but with the return type removed. Also, we don't allow
a run-in to intrude into a block that already has a run-in.
(WebCore::RenderBlock::moveRunInToOriginalPosition): moves run-in back to where it came from.
* rendering/RenderBlock.h:
(RenderBlock):
* rendering/RenderBox.cpp:
* rendering/RenderBox.h:
(RenderBox):
* rendering/RenderBoxModelObject.cpp: move all moveChild* functions from RenderBox, since
they can now be used to move children of inlines.
(WebCore::RenderBoxModelObject::moveChildTo): same.
(WebCore):
(WebCore::RenderBoxModelObject::moveChildrenTo): same.
* rendering/RenderBoxModelObject.h:
(RenderBoxModelObject):
(WebCore::RenderBoxModelObject::moveChildTo): same.
(WebCore::RenderBoxModelObject::moveAllChildrenTo): same.
(WebCore::RenderBoxModelObject::moveChildrenTo): same.
2012-10-30 Lucas Forschler <lforschler@apple.com>
Merge r117224
2012-05-15 Abhishek Arya <inferno@chromium.org>
Crash in Document::nodeChildrenWillBeRemoved.
https://bugs.webkit.org/show_bug.cgi?id=85247
Reviewed by Hajime Morita.
Reverse ordering of commands to ref ptr the children set
first before calling nodeChildrenWillBeRemoved, since it
can fire mutation events.
Test: fast/dom/HTMLObjectElement/beforeload-set-text-crash.xhtml
* dom/ContainerNode.cpp:
(WebCore::willRemoveChildren):
2012-10-30 Lucas Forschler <lforschler@apple.com>
Merge r116255.
2012-05-06 MORITA Hajime <morrita@google.com>
[Shadow DOM] Node distribution should be refreshed before style recalc.
https://bugs.webkit.org/show_bug.cgi?id=85259
Reviewed by Dimitri Glazkov.
Element::recalcStyle() calls child element's recalcStyle()
recursively, following ShadowTree::recalcShadowTreeStyle(). But
recalcShadowTreeStyle() should be called before such recursion if
necessary.
This is because style calculation and following renderer attachment
of each child element depends on up-to-date node distribution result
which is computed during the recalcShadowTreeStyle().
Test: fast/dom/shadow/shadow-dynamic-style-change-via-mutation-and-selector.html
* dom/Element.cpp: Moved recalcShadowTreeStyle() before child traversals.
(WebCore::Element::recalcStyle):
2012-09-18 Lucas Forschler <lforschler@apple.com>
Merge r128845.
2012-09-17 Roger Fong <roger_fong@apple.com>
[Win] Null check timing function received from CoreAnimation when calling CACFAnimationGetTimingFunction.
https://bugs.webkit.org/show_bug.cgi?id=96972
Timothy Horton
When paused, some CSS animations cause CoreAnimation to pass back a null timing function when calling CACFAnimationGetTimingFunction.
This patch fixes this simply by ensuring that if the output of this method is null, it does not get passed into CACFAnimationSetTimingFunction
via the PlatformCAAnimation::copyTimingFunctionFrom method.
* platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
(PlatformCAAnimation::copyTimingFunctionFrom):
2012-09-18 Lucas Forschler <lforschler@apple.com>
Merge r126666.
2012-08-24 Roger Fong <roger_fong@apple.com>
-webkit-font-smoothing: antialiased should use CG font rendering code path, not GDI
https://bugs.webkit.org/show_bug.cgi?id=54004
<rdar://problem/8971429>
Reviewed by Dan Bernstein.
When specifying -webkit-font-smoothing: antialised; the code path ends up using GDI to draw the text.
GDI ends up drawing subpixel antialiased text, not aliased text anyways.
The CG code path also has the capability of drawing antialiased text. The reason that the GDI path was
used in the first place is no longer a concern here so we can stop using the GDI code path.
* platform/graphics/win/FontCGWin.cpp: Removing GDI font drawing code path.
(WebCore):
(WebCore::Font::drawGlyphs):
2012-08-29 Timothy Hatcher <timothy@apple.com>
Merge r126921.
2012-08-29 Jer Noble <jer.noble@apple.com>
Crash in WebCore::logPluginRequest + 183
https://bugs.webkit.org/show_bug.cgi?id=95218
Reviewed by Oliver Hunt.
Crash is within findPluginMIMETypeFromURL, caused by a null-dereference of
page()->pluginData(). Add a null-check and return an empty string.
* loader/SubframeLoader.cpp:
(WebCore::findPluginMIMETypeFromURL):
2012-08-20 Mark Rowe <mrowe@apple.com>
Merge r122354.
2012-07-11 Dean Jackson <dino@apple.com>
TileCache layers have wrong border debug color
https://bugs.webkit.org/show_bug.cgi?id=90922
Reviewed by Simon Fraser.
Commit r122152 updated the layer hierarchy when a tile
cache is being used by the view. As part of that, GraphicsLayerClient::shouldUseTileCache()
was changed to return false in some situations (the idea was that it
should only be called from the createGraphicsLayer method). However
there were two other call points: one that sets the debug colors on
borders, the other was a call that keeps the document background in sync.
Add a new method usingTileCache() that returns the current state. Also fix
a FIXME where the debug code always called into the client rather than
caching the value on the GraphicsLayer.
Test: compositing/document-background-color.html
* platform/graphics/GraphicsLayer.cpp:
(WebCore::GraphicsLayer::GraphicsLayer):
(WebCore::GraphicsLayer::updateDebugIndicators): check the local variable when
setting the debug colors.
* platform/graphics/GraphicsLayer.h:
(GraphicsLayer): new bool member variable m_usingTileCache.
* platform/graphics/GraphicsLayerClient.h:
(WebCore::GraphicsLayerClient::usingTileCache): new virtual method to query if
this client is actually using the tile cache.
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::GraphicsLayerCA): set the member variable m_usingTileCache
if the GraphicsLayerClient says we are.
* rendering/RenderLayerBacking.h:
(WebCore::RenderLayerBacking::usingTileCache):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::documentBackgroundColorDidChange): call usingTileCache()
rather than shouldUseTileCache(), because the latter's value might not always reflect
the existence of a cache.
2012-08-14 Lucas Forschler <lforschler@apple.com>
Merge r124268.
2012-07-31 Sam Weinig <sam@webkit.org>
Stop masking 8 bits off of the visited link hash. We need all the bits!
https://bugs.webkit.org/show_bug.cgi?id=92799
Reviewed by Anders Carlsson.
* loader/appcache/ApplicationCacheStorage.cpp:
(WebCore::urlHostHash):
* platform/network/blackberry/CredentialBackingStore.cpp:
(WebCore::hashCredentialInfo):
* plugins/blackberry/PluginPackageBlackBerry.cpp:
(WebCore::PluginPackage::hash):
Update for new function names.
2012-08-13 Andy Estes <aestes@apple.com>
<rdar://problem/12050793> Brahms: REGRESSION (r113584): Apple reseller website does not display correctly. (91452)
Roll out <http://trac.webkit.org/changeset/94492>,
<http://trac.webkit.org/changeset/103851>, and
<http://trac.webkit.org/changeset/113584> from safari-536.26-branch.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::layoutPositionedObjects):
* rendering/RenderBlock.h:
(RenderBlock):
* rendering/RenderBlockLineLayout.cpp:
(WebCore::LineInfo::LineInfo):
(WebCore::LineInfo::floatPaginationStrut):
(LineInfo):
(WebCore::RenderBlock::constructLine):
(WebCore):
(WebCore::RenderBlock::computeInlineDirectionPositionsForLine):
(WebCore::setStaticPositions):
(WebCore::RenderBlock::layoutRunsAndFloatsInRange):
(WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace):
2012-08-13 Lucas Forschler <lforschler@apple.com>
Merge r125104.
2012-08-08 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=93393
Overflow regions sometimes repaint incorrectly after going into or
coming out of compositing mode
-and corresponding-
<rdar://problem/12006463>
Reviewed by Simon Fraser.
My first patch to fix this bug removed an if (parent()) check that is
needed to prevent a table crash seen in
fast/table/table-row-compositing-repaint-crash.html
The parent() check was actually added originally to prevent this same
crash. See http://trac.webkit.org/changeset/110456
This patch adds that check back, but really we should delay the
computation of repaint rects if layout has not happened yet.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateBacking):
2012-08-13 Lucas Forschler <lforschler@apple.com>
Merge r125086.
2012-08-08 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=93393
Overflow regions sometimes repaint incorrectly after going into or
coming out of compositing mode
-and corresponding-
<rdar://problem/12006463>
Reviewed by Simon Fraser.
New RenderLayer function computeRepaintRectsIncludingDescendants()
* rendering/RenderLayer.cpp:
(WebCore):
(WebCore::RenderLayer::computeRepaintRectsIncludingDescendants):
* rendering/RenderLayer.h:
(RenderLayer):
It is not sufficient to compute repaint rects just for the current
layer when compositing changes. They must be recomputed for all
descendant layers as well.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateBacking):
2012-08-13 Lucas Forschler <lforschler@apple.com>
Merge r123013.
2012-07-18 Oliver Hunt <oliver@apple.com>
WebKit provides APIs that make it possible for JSC to attempt to initialise the heap without initialising threading
https://bugs.webkit.org/show_bug.cgi?id=91663
Reviewed by Filip Pizlo.
Initialising a JSGlobalData now requires us to have initialised JSC's threading
logic, as that also initialises the JSC VM runtime options. WebKit provides a
number of routines that make use of commonJSGlobalData() that can be used before
webcore has called the appropriate initialisation routine. This patch makes the
minimal change of ensuring that commonJSGlobalData initialises threading before
attempting to create the common heap.
* bindings/js/JSDOMWindowBase.cpp:
(WebCore::JSDOMWindowBase::commonJSGlobalData):
2012-08-13 Lucas Forschler <lforschler@apple.com>
Merge r118725.
2012-05-28 Kent Tamura <tkent@chromium.org>
Fix a crash in HTMLFormControlElement::disabled().
https://bugs.webkit.org/show_bug.cgi?id=86534
Reviewed by Ryosuke Niwa.
Stop to hold pointers of fildset and legend elements. We can avoid it by
holding ancestor's disabled state.
The ancesotr's disabled state should be invalidated when
- fieldset's disabled value is changed.
- fieldset's children is updated because a legend position might be changed.
- A form control is attached to or detached from a tree.
No new tests. It's almost impossible to make a reliable test.
* html/HTMLFieldSetElement.cpp:
(WebCore::HTMLFieldSetElement::invalidateDisabledStateUnder):
Added. Invalidate disabled state of form controls under the specified node.
(WebCore::HTMLFieldSetElement::disabledAttributeChanged):
Uses invalidateDisabledStateUnder().
(WebCore::HTMLFieldSetElement::childrenChanged):
Added new override function. We need invalidate disabled state of form
controls under legend elements.
* html/HTMLFieldSetElement.h:
(HTMLFieldSetElement): Add invalidateDisabledStateUnder() and childrenChanged().
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::HTMLFormControlElement):
Remove initialization of the removed data members.
Initialize m_ancestorDisabledState.
(WebCore::HTMLFormControlElement::updateAncestorDisabledState):
Update m_ancestorDisabledState. It should be
AncestorDisabledStateDisabled if the control is under a disabled
fieldset and not under the first legend child of the disabled filedset.
(WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged):
Invalidate m_ancestorDisabledState.
(WebCore::HTMLFormControlElement::insertedInto): ditto.
(WebCore::HTMLFormControlElement::removedFrom): ditto.
(WebCore::HTMLFormControlElement::disabled):
Calls updateAncestorDisabledState() if needed.
(WebCore::HTMLFormControlElement::recalcWillValidate):
Remove unnecessary check for m_legendAncestor.
* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
- Rename updateFieldSetAndLegendAncestor() to updateAncestorDisabledState(), and make it private.
- Remove m_fieldSetAncestor, m_legendAncestor, and m_fieldSetAncestorValid.
- Add m_ancestorDisabledState.
2012-08-13 Lucas Forschler <lforschler@apple.com>
Merge r118721
2012-05-28 Kent Tamura <tkent@chromium.org>
Form controls in <fieldset disabled> should not be validated.
https://bugs.webkit.org/show_bug.cgi?id=87381
Reviewed by Hajime Morita.
We need to use disabeld() instead of m_disabled to calculate
willValidate property. Also, we need to update willValidate if
necessary.
Test: fast/forms/fieldset/validation-in-fieldset.html
* html/HTMLFieldSetElement.cpp:
(WebCore::HTMLFieldSetElement::disabledAttributeChanged):
- Do not traverse this.
- Calls ancestorDisabledStateWasChanged() instead of
setNeedsStyleRecalc() because we'd like to do additional tasks.
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::ancestorDisabledStateWasChanged):
Added. Just calls disabledAttributeChanged().
(WebCore::HTMLFormControlElement::parseAttribute):
Do not call setNeedsWillValidateCheck() whenever an attribute is updated.
It should be called only if disabled or readonly attribute is updated.
(WebCore::HTMLFormControlElement::disabledAttributeChanged):
Add setNeedsWillValidateCheck(). It was moved from parseAttribute().
(WebCore::HTMLFormControlElement::insertedInto):
Invalidate ancestor information.
(WebCore::HTMLFormControlElement::recalcWillValidate):
Use disabled() instead of m_disabled. disabled() takes care of
ancestor's disabled state.
* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
2012-08-10 Lucas Forschler <lforschler@apple.com>
Merge r125124.
2012-08-08 Brady Eidson <beidson@apple.com>
Google search query text reverts to original search query after multiple searches
<rdar://problem/10800686> and https://bugs.webkit.org/show_bug.cgi?id=93544
Reviewed by Darin Adler.
For security sensitive fields we normally clear "autocomplete=off" form elements when
restoring a page from the page cache.
If the element is textual and has a defaultValue then "clearing" it actually restores
the default value.
There's no scenario we can imagine where that makes sense so we should not reset the
value in such fields.
Test: fast/forms/autocomplete-off-with-default-value-does-not-clear.html
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::parseAttribute): Update suspension callback registration as needed.
(WebCore::HTMLInputElement::needsSuspensionCallback): Don't reset text fields with a non-empty default value.
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 123121
2012-07-19 James Simonsen <simonjam@chromium.org>
Regression(120096): Protect the element used by ImageLoader until the end of notifyFinished().
https://bugs.webkit.org/show_bug.cgi?id=90471
Reviewed by Brady Eidson.
Test: http/tests/security/video-poster-cross-origin-crash.html
* html/HTMLImageLoader.cpp:
(WebCore::HTMLImageLoader::notifyFinished): Hang on to the element until we're done.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::setImage): No behavior change.
(WebCore):
(WebCore::ImageLoader::setImageWithoutConsideringPendingLoadEvent): Split off from old setImage, minus calling updatedHasPendingLoadEvent().
(WebCore::ImageLoader::notifyFinished): Invoke updatedHasPendingLoadEvent when done with cross origin errors.
* loader/ImageLoader.h:
(ImageLoader):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 120096
2012-06-12 Brady Eidson <beidson@apple.com>
<rdar://problem/11593686> and https://bugs.webkit.org/show_bug.cgi?id=88683
Garbage collection of an <img> element can cause reentrant event dispatch.
Reviewed by Darin Adler.
The most straightforward solution is for ImageLoader to keep its Element alive
with ref/deref any time the Image is actually loading.
ImageLoader should always do this for all Elements, and if those Elements want/need
different behavior for when they are detached then they need to manually stop their
loads.
Tests: http/tests/loading/embed-image-load-outlives-gc-without-crashing.html
http/tests/loading/image-input-type-outlives-gc-without-crashing.html
http/tests/loading/image-load-outlives-gc-without-crashing.html
http/tests/loading/object-image-load-outlives-gc-without-crashing.html
http/tests/loading/svg-image-load-outlives-gc-without-crashing.html
http/tests/loading/video-poster-image-load-outlives-gc-without-crashing.html
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::ImageLoader):
(WebCore::ImageLoader::~ImageLoader):
(WebCore::ImageLoader::setImage):
(WebCore::ImageLoader::updateFromElement):
(WebCore::ImageLoader::notifyFinished):
(WebCore::ImageLoader::updatedHasPendingLoadEvent):
(WebCore::ImageLoader::dispatchPendingBeforeLoadEvent):
(WebCore::ImageLoader::dispatchPendingLoadEvent):
* loader/ImageLoader.h:
(ImageLoader):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 123936
2012-07-27 Brady Eidson <beidson@apple.com>
Plugins should not be allowed to override standard properties/attributes in non-standard worlds
<rdar://problem/11975252> and https://bugs.webkit.org/show_bug.cgi?id=92519
Reviewed by Anders Carlsson.
Change the 3 plugin-owning element's custom bindings to prefer built-in properties if they exist.
When they do they don't give the plugin a chance to override.
Test: plugins/npruntime/overrides-all-properties.html
Add plugin custom functions to prefer built-in properties over plugin scriptable object properties:
* bindings/js/JSPluginElementFunctions.h:
(WebCore::pluginElementCustomGetOwnPropertySlot):
(WebCore::pluginElementCustomGetOwnPropertyDescriptor):
Use those new custom functions for getting properties:
* bindings/js/JSHTMLAppletElementCustom.cpp:
(WebCore::JSHTMLAppletElement::getOwnPropertySlotDelegate):
(WebCore::JSHTMLAppletElement::getOwnPropertyDescriptorDelegate):
* bindings/js/JSHTMLEmbedElementCustom.cpp:
(WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate):
(WebCore::JSHTMLEmbedElement::getOwnPropertyDescriptorDelegate):
* bindings/js/JSHTMLObjectElementCustom.cpp:
(WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate):
(WebCore::JSHTMLObjectElement::getOwnPropertyDescriptorDelegate):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 120328
2012-06-13 Mark Hahnenberg <mhahnenberg@apple.com>
Worker tear-down can re-enter JSC during GC finalization pt. 2
https://bugs.webkit.org/show_bug.cgi?id=88601
Reviewed by David Levin.
No new tests. Current regression tests are sufficient.
* workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::WorkerMessagingProxy):
(WebCore::WorkerMessagingProxy::workerObjectDestroyed): We clear the m_workerObject here because
we don't want anybody else trying to send messages to the Worker now that it has been destroyed.
We also queue the asynchronous task for the various other cleanup that still needs to be done.
This allows us to avoid the problem of re-entrant JS code execution during GC.
(WebCore):
(WebCore::WorkerMessagingProxy::workerObjectDestroyedInternal): Here we set m_mayBeDestroyed to true.
This is the point after which deleting the WorkerMessagingProxy in workerContextDestroyedInternal()
is okay. It could happen during this function call if the worker thread has been shutdown already, or
it could be called later after we shut down the worker thread.
(WebCore::WorkerMessagingProxy::workerContextDestroyedInternal): We check m_mayBeDestroyed here
instead of checking m_workerObject. This change effectively orthogonalizes the roles that m_workerObject
was filling. Since we were eagerly clearing m_workerObject, but we wanted to asynchronously call
workerObjectDestroyed(), we needed to make sure we didn't accidentally try to delete the WorkerMessagingProxy
twice (once from destroying the Worker and once from destroying the WorkerContext). This boolean field
should fix that issue--we set it lazily like we wanted to do without being in danger of causing use-after-free
issues with m_workerObject.
* workers/WorkerMessagingProxy.h: Added the new field and function.
(WorkerMessagingProxy):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 119740
2012-06-07 Mark Hahnenberg <mhahnenberg@apple.com>
Worker tear-down can re-enter JSC during GC finalization
https://bugs.webkit.org/show_bug.cgi?id=88449
Reviewed by Geoffrey Garen.
No new tests.
This is the first of two patches to fix this issue with Workers.
* workers/AbstractWorker.cpp:
(WebCore::AbstractWorker::~AbstractWorker): We don't need to call onDestroyWorker() here, it
will be called elsewhere in contextDestroyed().
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 124811
2012-08-06 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=93199
REGRESSION (r124489): Crash in FrameView::scrollContentsFastPath when
scrolling Facebook and Google image search
-and corresponding-
<rdar://problem/12035066>
Reviewed by Anders Carlsson.
As the comment in setShouldUpdateScrollLayerPositionOnMainThread()
indicates, the goal of adding a call to
updateMainFrameScrollPositionAndScrollLayerPosition() within that
function was just to make sure the layer position was up-to-date
since that is what is not kept up to date when scrolling is happening
on the scrolling thread. So I'm fixing this crash by having that code
ONLY update the layer position instead of also updating the scroll
position, since it was updating the scroll position that led to this
crash.
New function updateMainFrameScrollLayerPosition() will update JUST
the layer position.
* page/scrolling/ScrollingCoordinator.h:
(ScrollingCoordinator):
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::updateMainFrameScrollLayerPosition):
Update just the layer position here instead of the layer position and
the scroll position.
(WebCore)::
(WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 124102
2012-07-30 Anders Carlsson <andersca@apple.com>
Crash in logging code if MIME type is null
https://bugs.webkit.org/show_bug.cgi?id=92683
<rdar://problem/11985295>
Reviewed by Dan Bernstein.
If the MIME type is null, try to figure it out from the URL extension. If this fails, return early instead of crashing
trying to insert the null string into a hash set.
* loader/SubframeLoader.cpp:
(WebCore::logPluginRequest):
2012-08-08 Lucas Forschler <lforschler@apple.com>
Merge 124720
2012-08-05 Antti Koivisto <antti@apple.com>
Don't reuse cached stylesheet with failed or canceled resource loads
https://bugs.webkit.org/show_bug.cgi?id=93203
Reviewed by Simon Fraser.
1) Go to apple.com
2) Reload repeatedly
Eventually you can get into state where some images don't load.
The problem is that a cached stylesheet may end up pointing to image resources that have been canceled (by the reload).
If this happens they stay in the canceled state even when the stylesheet is applied to a new document.
Fix by checking if all loads are complete (or pending) when restoring a cached stylesheet. The sheet is only used
if there are no failed or canceled loads. There are potential more sophisticated fixes but this is simple and safe.
Walking the sheet is fast and since it is only done on cache restore the cost is minimal.
No regression test yet though the new code does get exercised by the existing tests.
* css/CSSCrossfadeValue.cpp:
(WebCore::CSSCrossfadeValue::hasFailedOrCanceledSubresources):
(WebCore):
* css/CSSCrossfadeValue.h:
(CSSCrossfadeValue):
* css/CSSFontFaceSrcValue.cpp:
(WebCore::CSSFontFaceSrcValue::hasFailedOrCanceledSubresources):
(WebCore):
* css/CSSFontFaceSrcValue.h:
(CSSFontFaceSrcValue):
* css/CSSImageSetValue.cpp:
(WebCore::CSSImageSetValue::hasFailedOrCanceledSubresources):
(WebCore):
* css/CSSImageSetValue.h:
(CSSImageSetValue):
* css/CSSImageValue.cpp:
(WebCore::CSSImageValue::hasFailedOrCanceledSubresources):
(WebCore):
* css/CSSImageValue.h:
(CSSImageValue):
* css/CSSValue.cpp:
(WebCore::CSSValue::hasFailedOrCanceledSubresources):
(WebCore):
* css/CSSValue.h:
(CSSValue):
* css/CSSValueList.cpp:
(WebCore::CSSValueList::hasFailedOrCanceledSubresources):
(WebCore):
* css/CSSValueList.h:
(CSSValueList):
* css/StylePropertySet.cpp:
(WebCore::StylePropertySet::hasFailedOrCanceledSubresources):
(WebCore):
* css/StylePropertySet.h:
(StylePropertySet):
* css/StyleSheetContents.cpp:
(WebCore::childRulesHaveFailedOrCanceledSubresources):
(WebCore):
(WebCore::StyleSheetContents::hasFailedOrCanceledSubresources):
* css/StyleSheetContents.h:
(StyleSheetContents):
* loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):
* loader/cache/CachedResource.h:
(WebCore::CachedResource::loadFailedOrCanceled):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 116291
2012-05-07 Antti Koivisto <antti@apple.com>
Share stylesheet data structures between documents
https://bugs.webkit.org/show_bug.cgi?id=85598
Reviewed by Darin Adler.
We currently make a copy of the data structures when restoring a cached stylesheet. This patch lets us share
the data until someone uses a mutating CSSOM API to modify the sheet.
The patch implements copy-on-write for the internal style sheet data structures. If any mutating CSSOM API is
invoked, we check if the mutation is safe (there is only one client, the sheet is not cached). If not then the
internal structures are copied and any existing CSSOM objects are re-attached to the new style tree. The copied
tree is mutated while the other clients stay attached to the original tree.
Sharing can save significant amount of memory on sites with large stylesheets. For example if you have
multiple articles open on wsj.com this saves ~2.6MB per tab.
Test: http/tests/css/shared-stylesheet-mutation.html
http/tests/css/shared-stylesheet-mutation-preconstruct.html
* css/CSSFontFaceRule.cpp:
(WebCore::CSSFontFaceRule::reattach):
(WebCore):
* css/CSSFontFaceRule.h:
(CSSFontFaceRule):
* css/CSSMediaRule.cpp:
(WebCore::CSSMediaRule::insertRule):
(WebCore::CSSMediaRule::deleteRule):
(WebCore::CSSMediaRule::reattach):
(WebCore):
* css/CSSMediaRule.h:
(CSSMediaRule):
* css/CSSPageRule.cpp:
(WebCore::CSSPageRule::setSelectorText):
(WebCore::CSSPageRule::reattach):
(WebCore):
* css/CSSPageRule.h:
(CSSPageRule):
* css/CSSRule.cpp:
(WebCore::CSSRule::reattach):
After the internal stylerule tree has been copied, the existing wrappers are re-attached using recursive reattach() function.
* css/CSSRule.h:
(WebCore):
(CSSRule):
* css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::setSelectorText):
(WebCore::CSSStyleRule::reattach):
(WebCore):
* css/CSSStyleRule.h:
(CSSStyleRule):
* css/CSSStyleSheet.cpp:
(WebCore::StyleSheetInternal::StyleSheetInternal):
(WebCore::StyleSheetInternal::isCacheable):
(WebCore::StyleSheetInternal::ruleAt):
Add ruleAt(), use it for both wrapper creation and reattaching. Remove createChildRuleCSSOMWrapper .
(WebCore):
(WebCore::StyleSheetInternal::wrapperInsertRule):
(WebCore::StyleSheetInternal::wrapperDeleteRule):
Invalidation moves to the calling wrapper.
(WebCore::StyleSheetInternal::addedToMemoryCache):
(WebCore::StyleSheetInternal::removedFromMemoryCache):
(WebCore::CSSStyleSheet::willMutateRules):
This is called whenever StyleSheetInternal is going to be mutated. It will do copy-on-write if needed.
Usually invoked by CSSStyleSheet::RuleMutation RAII type.
(WebCore::CSSStyleSheet::didMutateRules):
This is called after the mutation is complete and will trigger the style recalc in the document.
(WebCore::CSSStyleSheet::didMutate):
This is called directly after mutations that don't change StyleSheetInternal so don't require copy-on-write.
(WebCore::CSSStyleSheet::reattachChildRuleCSSOMWrappers):
(WebCore::CSSStyleSheet::setDisabled):
(WebCore::CSSStyleSheet::insertRule):
(WebCore::CSSStyleSheet::deleteRule):
* css/CSSStyleSheet.h:
(StyleSheetInternal):
(WebCore::StyleSheetInternal::hasOneClient):
(WebCore::StyleSheetInternal::isMutable):
(WebCore::StyleSheetInternal::setMutable):
Track mutability. Mutation is allowed only after willMutate call.
(WebCore::StyleSheetInternal::isInMemoryCache):
Track if the object is in memory cache.
(WebCore::CSSStyleSheet::clearOwnerRule):
(CSSStyleSheet):
* css/MediaList.cpp:
(WebCore::MediaList::setMediaText):
(WebCore::MediaList::deleteMedium):
(WebCore::MediaList::appendMedium):
(WebCore::MediaList::didMutate):
(WebCore):
(WebCore::MediaList::reattach):
* css/MediaList.h:
(MediaList):
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::PropertySetCSSStyleDeclaration::setCssText):
(WebCore::PropertySetCSSStyleDeclaration::setProperty):
(WebCore::PropertySetCSSStyleDeclaration::removeProperty):
(WebCore::PropertySetCSSStyleDeclaration::setPropertyInternal):
(WebCore):
(WebCore::StyleRuleCSSStyleDeclaration::willMutate):
(WebCore::StyleRuleCSSStyleDeclaration::didMutate):
(WebCore::StyleRuleCSSStyleDeclaration::reattach):
(WebCore::InlineCSSStyleDeclaration::didMutate):
* css/PropertySetCSSStyleDeclaration.h:
(WebCore::PropertySetCSSStyleDeclaration::willMutate):
(WebCore::PropertySetCSSStyleDeclaration::didMutate):
(StyleRuleCSSStyleDeclaration):
* css/WebKitCSSKeyframesRule.cpp:
(WebCore::WebKitCSSKeyframesRule::setName):
(WebCore::WebKitCSSKeyframesRule::insertRule):
(WebCore::WebKitCSSKeyframesRule::deleteRule):
(WebCore::WebKitCSSKeyframesRule::reattach):
(WebCore):
* css/WebKitCSSKeyframesRule.h:
(WebKitCSSKeyframesRule):
* css/WebKitCSSRegionRule.cpp:
(WebCore::WebKitCSSRegionRule::reattach):
* css/WebKitCSSRegionRule.h:
(WebKitCSSRegionRule):
* inspector/InspectorStyleSheet.cpp:
(WebCore::InspectorStyleSheet::reparseStyleSheet):
* loader/cache/CachedCSSStyleSheet.cpp:
(WebCore::CachedCSSStyleSheet::~CachedCSSStyleSheet):
(WebCore::CachedCSSStyleSheet::destroyDecodedData):
(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):
Don't copy when restoring. It is no longer necessary.
Set the cache bit on the stylesheet.
(WebCore::CachedCSSStyleSheet::saveParsedStyleSheet):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 124829
2012-08-06 Anders Carlsson <andersca@apple.com>
Clear out the TileCache backpointer for all tile layers when the tile cache is destroyed
https://bugs.webkit.org/show_bug.cgi?id=93317
<rdar://problem/11566543>
Reviewed by Dean Jackson.
It seems that in some rare cases, the tile cache layer can be destroyed in the same transaction as tile layers
are being asked to paint. Make sure to null out the TileCache back pointer for all layers in the TileCache destructor.
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::~TileCache):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 124714
2012-08-04 Dan Bernstein <mitz@apple.com>
<rdar://problem/11875795> REGRESSION (tiled drawing): Page’s scroll bars flash with each character you type in a textarea (affects Wikipedia and YouTube)
https://bugs.webkit.org/show_bug.cgi?id=91348
Reviewed by Andy Estes.
* platform/ScrollableArea.cpp:
(WebCore::ScrollableArea::scrollPositionChanged): Changed to call notifyContentAreaScrolled()
only if the scroll position after the change differs from what it was before the change.
* rendering/RenderListBox.cpp:
(WebCore::RenderListBox::scrollPosition): Added an override of this ScrollableArea function.
* rendering/RenderListBox.h:
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 124510
2012-08-02 Oliver Hunt <oliver@apple.com>
A few objects aren't being safely protected from GC in all cases
https://bugs.webkit.org/show_bug.cgi?id=93031
Reviewed by Filip Pizlo.
I haven't seen evidence that anyone is hitting bugs due to this, but any
GC error can lead to later -- hard to diagnose -- bugs if they result in
resurrecting dead objects.
* bindings/js/JSCustomXPathNSResolver.cpp:
(WebCore::JSCustomXPathNSResolver::create):
(WebCore::JSCustomXPathNSResolver::JSCustomXPathNSResolver):
(WebCore::JSCustomXPathNSResolver::lookupNamespaceURI):
* bindings/js/JSCustomXPathNSResolver.h:
(JSCustomXPathNSResolver):
* bindings/js/JSDictionary.cpp:
(WebCore::JSDictionary::tryGetProperty):
* bindings/js/JSDictionary.h:
(WebCore::JSDictionary::JSDictionary):
(WebCore::JSDictionary::initializerObject):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 124489
2012-08-02 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=93020
REGRESSION (tiled scrolling): Full-screen video is broken if page is
scrolled
-and corresponding-
<rdar://problem/11629778>
Reviewed by Anders Carlsson.
The bug here is that ScrollingTreeNodeMac::setScrollLayerPosition()
uses the CALayer (PlatformLayer) directly to set the position. That
means that the GraphicsLayer that owns that PlatformLayer does not
have updated position information. That results in this bug when we
switch from fast scrolling to main thread scrolling, because at that
point, the GraphicsLayer needs to have the correct information. So
make sure to update the main thread scroll position and layer
position before transitioning to main thread scrolling.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread):
2012-08-07 Lucas Forschler <lforschler@apple.com>
Merge 124463
2012-08-02 Antti Koivisto <antti@apple.com>
Inline stylesheets can confuse style sharing
https://bugs.webkit.org/show_bug.cgi?id=92970
Reviewed by Dan Bernstein.
Consider document
<div class="i30"></div>
<style>.i30 { background-color:green; }</style>
<div class="i30"></div>
When processing the <style> element the scope optimization marks the first div as needing style recalc.
Next the parser adds the second div to the tree and immediately calculates its style. Since it looks exactly
like the first div the style sharing optimization copies the style from there. The pending recalc of the
first div is resolved by a timer but the second div is left with the old style.
Fix by disallowing style sharing from elements with pending style recalc.
Test: fast/css/style-sharing-inline-stylesheet.html
* css/StyleResolver.cpp:
(WebCore::StyleResolver::canShareStyleWithElement):
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123942
2012-07-27 Jer Noble <jer.noble@apple.com>
Reset the set of "seen" plugins when the main frame load is committed.
https://bugs.webkit.org/show_bug.cgi?id=92564
Reviewed by Anders Carlsson.
Because the Page object is re-used across navigation and reload, reset the list
of seen plugins when the main frame load commits. This gives a good baseline to
compare against the number of pages loaded.
No new tests; the "seen" plugin list is for diagnostic purposes only.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::dispatchDidCommitLoad):
* page/Page.cpp:
(WebCore::Page::resetSeenPlugins):
* page/Page.h:
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123930
2012-07-27 Jer Noble <jer.noble@apple.com>
Add diagnostic logging for plugins-per-page.
https://bugs.webkit.org/show_bug.cgi?id=92538
Reviewed by Anders Carlsson.
Add some diagnostic logging for whether a page has seen a plugin, and
whether a page has seen a plugin of a specific type.
Move the diagnostic logging out of the elemements themselves:
* html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::updateWidget):
* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::updateWidget):
Instead, log when the plugin is requested, thereby catching plugins which are
rejected because, e.g., Java is disabled or not installed:
* loader/SubframeLoader.cpp:
(WebCore::logPluginRequest):
(WebCore::SubframeLoader::requestObject):
(WebCore::SubframeLoader::createJavaAppletWidget):
Add new diagnostic key values:
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::pageContainsPluginKey):
(WebCore::DiagnosticLoggingKeys::pageContainsAtLeastOnePluginKey):
* page/DiagnosticLoggingKeys.h:
Add a map of plugin types seen per-page for diagnostic purposes:
* page/Page.cpp:
(WebCore::Page::hasSeenAnyPlugin):
(WebCore::Page::hasSeenPlugin):
(WebCore::Page::sawPlugin):
* page/Page.h:
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123907
2012-07-27 Anders Carlsson <andersca@apple.com>
Show the unavailable plug-in indicator for Java applets as well
https://bugs.webkit.org/show_bug.cgi?id=92521
Reviewed by Sam Weinig.
Now that <applet> behaves more like <embed> and <object>, make sure that we show the unavailable plug-in indicator
and call the correct error callbacks if we fail to instantiate the plug-in.
* WebCore.exp.in:
Export a symbol needed by WebKit2.
* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::HTMLAppletElement):
Set the correct service type.
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::createJavaAppletWidget):
Enable the unavailable plug-in indicator if we fail to create the java applet widget.
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123811
2012-07-26 Anders Carlsson <andersca@apple.com>
HTMLAppletElement should inherit from HTMLPlugInImageElement
https://bugs.webkit.org/show_bug.cgi?id=92320
Reviewed by Eric Seidel.
In order to simplify the class hierarchy and eventually merge HTMLPlugInImageElement and HMTLPlugInElement,
make HTMLAppletElement inherit from HTMLPlugInImageElement. While this does mean that HTMLAppletElement will grow by
a couple of words, in practice it won't matter.
Also, make RenderApplet inherit from RenderEmbeddedObject and move the plug-in instantiation to HTMLAppletElement which matches
both HTMLEmbedElement and HTMLObjectElement.
* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::HTMLAppletElement):
(WebCore::HTMLAppletElement::create):
(WebCore::HTMLAppletElement::parseAttribute):
(WebCore::HTMLAppletElement::rendererIsNeeded):
(WebCore::HTMLAppletElement::createRenderer):
(WebCore):
(WebCore::HTMLAppletElement::renderWidgetForJSBindings):
(WebCore::HTMLAppletElement::updateWidget):
* html/HTMLAppletElement.h:
(HTMLAppletElement):
* html/HTMLTagNames.in:
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::createJavaAppletWidget):
* loader/SubframeLoader.h:
(SubframeLoader):
* page/FrameView.cpp:
(WebCore::FrameView::updateWidget):
* rendering/RenderApplet.cpp:
(WebCore::RenderApplet::RenderApplet):
* rendering/RenderApplet.h:
(RenderApplet):
* rendering/RenderEmbeddedObject.h:
(WebCore::toRenderEmbeddedObject):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::shouldBeNormalFlowOnly):
(WebCore::RenderLayer::shouldBeSelfPaintingLayer):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::requiresCompositingForPlugin):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::setStyle):
* rendering/RenderObject.h:
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 121929
2012-07-05 Benjamin Poulain <bpoulain@apple.com>
Double release of resources if the load is canceled in a callback of ResourceLoader::didFinishLoading
https://bugs.webkit.org/show_bug.cgi?id=90431
Reviewed by Anders Carlsson.
In ResourceLoader::didFinishLoadingOnePart(), we invoke didFinishLoad() on the WebKit client. If WebKit
causes the current frame to cancel the load synchronously, the resources are already freed when
ResourceLoader::didFinishLoadingOnePart() ends.
When ResourceLoader::didFinishLoading() subsequently invokes releaseResources(), we are releasing the
resources a second time.
This patch add a second check for cancellation after invoking ResourceLoader::didFinishLoadingOnePart() to
avoid such issues.
The previous check at the beginning of ResourceLoader::didFinishLoading() has been removed because it is
redundant with ResourceLoader::didFinishLoadingOnePart().
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didFinishLoading):
(WebCore::ResourceLoader::didFinishLoadingOnePart):
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 118236
2012-05-23 Abhishek Arya <inferno@chromium.org>
ASSERT failure toRenderProgress in HTMLProgressElement::didElementStateChange
https://bugs.webkit.org/show_bug.cgi?id=87274
Reviewed by Darin Adler.
Progress bar can't run-in. Prevent it from becoming a run-in, leading to an
unworkable RenderInline.
Test: fast/runin/progress-run-in-crash.html
* html/HTMLProgressElement.cpp:
(WebCore::HTMLProgressElement::didElementStateChange):
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::moveRunInUnderSiblingBlockIfNeeded):
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 121803
2012-07-03 Nate Chapin <japhet@chromium.org>
Protect this DocumentThreadableLoader in cancel() to handle reentrancy properly.
https://bugs.webkit.org/show_bug.cgi?id=90483
Reviewed by Abhishek Arya.
No new tests, covered by http/tests/xmlhttprequest/reentrant-cancel.html
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::cancel):
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 120845
2012-06-20 Nate Chapin <japhet@chromium.org>
Don't re-enter CachedResource::removeClient() if an XHR
is canceled and restarted multiple times.
https://bugs.webkit.org/show_bug.cgi?id=89378
Reviewed by Eric Seidel.
Test: http/tests/xmlhttprequest/reentrant-cancel.html
* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::cancel):
(WebCore::DocumentThreadableLoader::clearResource): Save off a copy of m_resource
then clear it, so we don't call clearResource() multiple times for the same resource.
2012-08-06 Lucas Forschler <lforschler@apple.com>
Revert 116203
2012-05-04 Julien Chaffraix <jchaffraix@webkit.org>
Leaf non self-painting layers should bail out early in RenderLayer::paintLayer
https://bugs.webkit.org/show_bug.cgi?id=85678
Reviewed by Darin Adler.
Performance optimization, no expected change in behavior.
The gist of the change is that leaf non self-painting layers don't need to be painted as their
associated RenderBoxModelObject should properly paint itself without any help.
For RenderLayer trees that have a large number of leafs nodes (like a table with a leaf RenderLayer for
each cells), not bailing out is a big overhead as it ends up doing a lot of computation for no real
painting. See http://dglazkov.github.com/performance-tests/biggrid.html for a benchmark for that. On
my machine, it reduces the paint time when scrolling to 70ms from 120ms (45% speedup).
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayer):
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123780
2012-07-25 Jer Noble <jer.noble@apple.com>
Add diagnostic messages when media and plugins load or fail to load.
https://bugs.webkit.org/show_bug.cgi?id=92341
Reviewed by Anders Carlsson.
Send diagnostic messages when a media or plugin element loads or fails to load. Include in
the trace the media engine description, error code, or plugin mime type.
* html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::updateWidget): Send a diagnostic message.
* html/HTMLMediaElement.cpp:
(WebCore::stringForNetworkState): Added convenience function to stringify network states.
(WebCore::HTMLMediaElement::mediaLoadingFailed): Send a diagnostic message.
(WebCore::HTMLMediaElement::setReadyState): Send a diagnostic message.
* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::updateWidget): Send a diagnostic message.
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123778
2012-07-26 Jer Noble <jer.noble@apple.com>
Add a ChromeClient method to send diagnostic logging messages from WebCore to the client.
https://bugs.webkit.org/show_bug.cgi?id=92340
Reviewed by Anders Carlsson.
Add a new ChromeClient menthod, to be implemented by WebKit and WebKit2, which sends
a diagnostic logging message up to the client.
* page/ChromeClient.h:
(WebCore::ChromeClient::logDiagnosticMessage):
* page/ChromeClient.h:
(WebCore::ChromeClient::logDiagnosticMessage):
(ChromeClient):
* page/DiagnosticLoggingKeys.cpp: Added.
(WebCore::DiagnosticLoggingKeys::mediaLoadedKey):
(WebCore::DiagnosticLoggingKeys::mediaLoadingFailedKey):
(WebCore::DiagnosticLoggingKeys::pluginLoadedKey):
(WebCore::DiagnosticLoggingKeys::pluginLoadingFailedKey):
(WebCore::DiagnosticLoggingKeys::passKey):
(WebCore::DiagnosticLoggingKeys::failKey):
(WebCore::DiagnosticLoggingKeys::noopKey):
* page/DiagnosticLoggingKeys.h: Added.
(DiagnosticLoggingKeys):
Add the new files DiagnosticLoggingKeys.cpp,h to the project:
* CMakeLists.txt:
* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123775
2012-07-25 Jer Noble <jer.noble@apple.com>
Add setting to enable and disable diagnostic logging.
https://bugs.webkit.org/show_bug.cgi?id=92337
Reviewed by Anders Carlsson.
Add a new entry in Settings, defaulting to false.
* page/Settings.cpp:
(WebCore::Settings::Settings): Default the new setting to false.
* page/Settings.h:
(WebCore::Settings::setDiagnosticLoggingEnabled): Simple accessor.
(WebCore::Settings::diagnosticLoggingEnabled): Ditto.
2012-08-06 Lucas Forschler <lforschler@apple.com>
Merge 123747
2012-07-26 Jer Noble <jer.noble@apple.com>
Add a MediaPlayer API to retrieve the description of the current media engine.
https://bugs.webkit.org/show_bug.cgi?id=92336
Reviewed by Eric Carlson.
Add a utility function which retrieves, for diagnostic purposes, a brief description
of the current media engine. Stubs have been added for each of the MediaPlayerPrivate
subclasses which return the name of the class.
* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::engineDescription):
* platform/graphics/MediaPlayer.h:
* platform/graphics/MediaPlayerPrivate.h:
(WebCore::MediaPlayerPrivateInterface::engineDescription):
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.h:
(WebCore::MediaPlayerPrivateAVFoundation::engineDescription):
* platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.h:
(WebCore::MediaPlayerPrivate::engineDescription):
* platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
(WebCore::MediaPlayerPrivateGStreamer::engineDescription):
* platform/graphics/mac/MediaPlayerPrivateQTKit.h:
(WebCore::MediaPlayerPrivateQTKit::engineDescription):
* platform/graphics/qt/MediaPlayerPrivateQt.h:
(WebCore::MediaPlayerPrivateQt::engineDescription):
* platform/graphics/wince/MediaPlayerPrivateWinCE.h:
(WebCore::MediaPlayerPrivate::engineDescription):
* platform/graphics/win/MediaPlayerPrivateQuickTimeVisualContext.h:
(WebCore::MediaPlayerPrivateQuickTimeVisualContext::engineDescription):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 122676
2012-07-14 Eric Carlson <eric.carlson@apple.com>
Enable AVCF hardware video decoding
https://bugs.webkit.org/show_bug.cgi?id=90015
<rdar://problem/10770317>
Reviewed by Anders Carlsson.
* html/HTMLMediaElement.cpp:
(WebCore):
(WebCore::HTMLMediaElement::mediaPlayerGraphicsDeviceAdapter): New, return the client's graphics
device adapter.
* html/HTMLMediaElement.h:
* page/ChromeClient.h:
(WebCore::ChromeClient::graphicsDeviceAdapter): New.
* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::graphicsDeviceAdapter): New, ask the media element for the graphics
device adapter.
* platform/graphics/MediaPlayer.h:
* platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h: Soft-link AVCFPlayerSetDirect3DDevice
and AVCFPlayerEnableHardwareAcceleratedVideoDecoderKey.
* platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
(WebCore::MediaPlayerPrivateAVFoundationCF::createAVAssetForURL): Pass the current d3d9
device interface to the AVFWrapper.
(WebCore::AVFWrapper::createAssetForURL): If the d3d9 device implements IDirect3DDevice9Ex,
tell the AVAsset to enable hardware video decoding.
(WebCore::AVFWrapper::createPlayer): Pass the d3d9 device to the player if it implements IDirect3DDevice9Ex.
* platform/graphics/ca/win/CACFLayerTreeHost.h:
(WebCore::CACFLayerTreeHost::graphicsDeviceAdapter): New, default implementation.
* platform/graphics/ca/win/LegacyCACFLayerTreeHost.h:
(WebCore::LegacyCACFLayerTreeHost::graphicsDeviceAdapter): New, default implementation.
* platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp:
(WebCore::WKCACFViewLayerTreeHost::graphicsDeviceAdapter): New.
* platform/graphics/ca/win/WKCACFViewLayerTreeHost.h:
* platform/win/SoftLinking.h: Define SOFT_LINK_DLL_IMPORT_OPTIONAL, SOFT_LINK_LOADED_LIBRARY,
and SOFT_LINK_VARIABLE_DLL_IMPORT_OPTIONAL.
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 123912
2012-07-27 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=92327
-webkit-background-clip:text is blurry in WebKit 1 apps when
deviceScaleFactor > 1
-and corresponding-
<rdar://problem/11683788>
Reviewed by Simon Fraser.
The bug here is that the code to make createCompatibleBuffer() HiDPI-savvy
assumed that the deviceScaleFactor would always be baked into the CTM of the
GraphicsContext. But that is NOT the case in WebKit 1.
createCompatibleBuffer() is used for clip text and gradients.
Now getCTM() takes a parameter indicating whether the result should definitely
include the device scale, or if it should possibly included the device scale,
which is the option that matches old behavior.
* platform/graphics/GraphicsContext.h:
(GraphicsContext):
* platform/graphics/cairo/GraphicsContextCairo.cpp:
(WebCore::GraphicsContext::getCTM):
* platform/graphics/openvg/GraphicsContextOpenVG.cpp:
(WebCore::GraphicsContext::getCTM):
* platform/graphics/qt/GraphicsContextQt.cpp:
(WebCore::GraphicsContext::getCTM):
* platform/graphics/skia/GraphicsContextSkia.cpp:
(WebCore::GraphicsContext::getCTM):
* platform/graphics/wince/GraphicsContextWinCE.cpp:
(WebCore::GraphicsContext::getCTM):
* platform/graphics/wx/GraphicsContextWx.cpp:
(WebCore::GraphicsContext::getCTM):
Actually use the new parameter in the CG implementation. Use CG API to get a
matrix that definitely includes the device scale when that is required.
* platform/graphics/cg/GraphicsContextCG.cpp:
(WebCore::GraphicsContext::getCTM):
Remove some symbol cruft that doesn't seem to require a replacement.
* WebCore.exp.in:
Use DefinitelyIncludeDeviceScale when getting the CTM in the buggy spot.
* platform/graphics/GraphicsContext.cpp:
(WebCore::GraphicsContext::createCompatibleBuffer):
The ImageBuffer for gradients is created using createCompatibleBuffer(), and since
createCompatibleBuffer() now uses getCTM(DefinitelyIncludeDeviceScale) to
determine appropriate sizing, drawPattern() should use that same matrix to
determine pattern sizing.
* platform/graphics/GeneratorGeneratedImage.cpp:
(WebCore::GeneratorGeneratedImage::drawPattern):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 122293
2012-07-10 Shinya Kawanaka <shinyak@chromium.org>
Crash in nextLinePosition() due to accessing a removed root line box.
https://bugs.webkit.org/show_bug.cgi?id=90484
Reviewed by Abhishek Arya.
When <object> element is reattached, the 'content' style is compared to the old style.
If it is not the same, a flag to recalc style is enabled. Because of this, the recalc style flag
is not cleared in updateLayoutIgnorePendingStyleSheets() in nextLinePosition(), and it causes
the second layout in isEditablePosition(p). Then 'RootInlineBox root' is invalidated, but
it's used after that.
When the content of the same <object> elements are compared, they should be the same.
However, operator== for ContentData is not implemented correctly (it compares a pointer instead of
content). So operator== does not hold for the content of the same <object> elements.
Test: editing/execCommand/crash-extend-selection-forward.html
* rendering/style/ContentData.cpp:
(WebCore::operator==): Compares the instance of data instead of pointer.
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 122188
2012-07-09 Kent Tamura <tkent@chromium.org>
REGRESSION(r114862-r114886): Fix a crash by switching the input type to hidden.
https://bugs.webkit.org/show_bug.cgi?id=90774
Reviewed by Andreas Kling.
Test: fast/forms/hidden/change-type-to-hidden-after-updating-value.html
* dom/Element.cpp:
(WebCore::Element::setAttributeInternal):
Pass a copy of the existing Attribute object.
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 121388
2012-06-27 Daniel Cheng <dcheng@chromium.org>
Fix crash in Frame::nodeImage.
https://bugs.webkit.org/show_bug.cgi?id=89911
Reviewed by Abhishek Arya.
We were caching a pointer to a RenderObject and then calling updateLayout(). Instead, we
need to get a pointer to the RenderObject again after updateLayout().
Test: fast/events/drag-display-none-element.html
* page/Frame.cpp:
(WebCore::Frame::nodeImage):
* page/mac/FrameMac.mm:
(WebCore::Frame::snapshotDragImage):
(WebCore::Frame::nodeImage):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 121279
2012-06-26 Julien Chaffraix <jchaffraix@webkit.org>
Crash in FixedTableLayout::layout
https://bugs.webkit.org/show_bug.cgi?id=88676
Unreviewed typo fix, pointed out by Darin Adler.
* rendering/AutoTableLayout.cpp:
(WebCore::AutoTableLayout::layout):
* rendering/FixedTableLayout.cpp:
(WebCore::FixedTableLayout::layout):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 121275
2012-06-26 Julien Chaffraix <jchaffraix@webkit.org>
Crash in FixedTableLayout::layout
https://bugs.webkit.org/show_bug.cgi?id=88676
Reviewed by Abhishek Arya.
Tests: fast/table/auto-table-layout-colgroup-removal-crash.html
fast/table/fixed-table-layout/colgroup-removal-crash.html
fast/table/fixed-table-layout/prepend-in-fixed-table.html
The issue comes from RenderTable not properly dirtying its preferred logical
widths. As the table layout codes (both fixed and auto), recomputes their internal
structures at computePreferredLogicalWidth, the internal structure doesn't match
the table sizing and we crash.
This fix adds a work-around in FixedTableLayout::layout (which matches AutoTableLayout).
The long-term fix would be to properly fix the logic but this is a lot safer, especially
since our logic is really not bullet-proof at the moment.
* rendering/FixedTableLayout.cpp:
(WebCore::FixedTableLayout::layout):
Added an internal structure recomputation, if we have drifted from our table's structure.
Also we need to update nEffCols if we call calcWidthArray.
* rendering/AutoTableLayout.cpp:
(WebCore::AutoTableLayout::layout):
Added a comment matching FixedTableLayout. The nEffCols is unneeded but kept for consistency
with FixedTableLayout.
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 121031
2012-06-22 Abhishek Arya <inferno@chromium.org>
Crash in DragController::concludeEditDrag.
https://bugs.webkit.org/show_bug.cgi?id=89762
Reviewed by Ryosuke Niwa.
RefPtr the innerFrame since it can get destroyed due to mutation
event fired in DragController::dispatchTextInputEventFor().
Test: editing/pasteboard/drop-text-events-sideeffect-crash.html
* page/DragController.cpp:
(WebCore::DragController::concludeEditDrag):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 120862
2012-06-20 Abhishek Arya <inferno@chromium.org>
Crash on accessing a removed renderer from percent height descendant map.
https://bugs.webkit.org/show_bug.cgi?id=88017
Reviewed by Eric Seidel.
Test: fast/block/percent-height-descendant-not-removed-crash2.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::hasPercentHeightContainerMap): helper to tell
if we have a height container map.
(WebCore):
(WebCore::RenderBlock::hasPercentHeightDescendant): change from a debug
only function to a regular function for use. no need to null check
for a percent height container map in this function.
(WebCore::RenderBlock::clearPercentHeightDescendantsFrom): helper to
clear all percent height descendants under us.
(WebCore::RenderBlock::removePercentHeightDescendantIfNeeded): helper to
clear the box if it exists in the percent height descendant map.
* rendering/RenderBlock.h:
(RenderBlock):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::willBeDestroyed): remove the assert and change the
percent height detection check to use removePercentHeightDescendantIfNeeded.
We shouldn't rely on logicalHeight().isPercent() as it can change when our
writing mode changes. Instead, just query the map directly to see if we exist.
(WebCore::RenderBox::styleDidChange): when our writing mode changes from
horizontal to vertical or vice versa, we clear all our descendants from
the percent height descendant map. Cache the value of isHorizontalWritingMode()
before it changes in styleDidChange and compare it with the new value
(can't use oldStyle->isHorizontalWritingMode() since it can be inherited
and already updated).
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 120801
2012-06-19 Cris Neckar <cdn@chromium.org>
Fixes condition where inserting a CounterNode subtree which could result in incorrect placement.
https://bugs.webkit.org/show_bug.cgi?id=88142
Reviewed by Adam Barth.
Test: fast/css/counters/counter-reset-subtree-insert-crash.html
* rendering/CounterNode.cpp:
(WebCore::CounterNode::insertAfter):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 120761
2012-06-19 Ken Buchanan <kenrb@chromium.org>
Absolute positioned objects should not be added to anonymous block lists
https://bugs.webkit.org/show_bug.cgi?id=87768
Reviewed by Abhishek Arya.
containingBlock() was returning an anonymous block for absolute
positioned objects under a relative positioned inline in the case
that the inline is split and the object is underneath the block
continuation. Anonymous blocks should never have anything in their
positioned object lists because they can be destroyed at any time
for a different reasons such as anonymous block merging, which is
a problem for layout if they have m_posChildNeedsLayout set.
This patch adds a generic check for anonymous blocks in
containingBlock() to correct this problem.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::containingBlock):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 120731
2012-06-19 Abhishek Arya <inferno@chromium.org>
Crash in WebCore::RenderSVGModelObject::checkIntersection
https://bugs.webkit.org/show_bug.cgi?id=89059
Reviewed by Rob Buis.
getElementCTM updates layout causing the renderer to be destroyed. We get
the new renderer by storing the element pointer and later accessing it using
the element pointer.
Test: svg/custom/intersection-list-crash.svg
* rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::checkIntersection):
(WebCore::RenderSVGModelObject::checkEnclosure):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 120559
2012-06-17 Philip Rogers <pdr@google.com>
Prevent crash in SVGDocumentExtensions::removeAllElementReferencesForTarget.
https://bugs.webkit.org/show_bug.cgi?id=88144
Reviewed by Abhishek Arya.
When iterating over referencing elements to rebuild after a reference change in
SVGDocumentExtensions::removeAllElementReferencesForTarget, we can
modify the underlying toBeNotified vector, invalidating it. This change checks
that a vector element is valid before rebuilding, preventing a crash.
Some definitions from SVGDocumentExtensions that may put this patch in context:
An example of a "referenced elements" is a <path>.
An example of a "referencing element" is a <textPath href='some_path_id'>.
m_elementDependencies is a map from referenced elements (e.g., paths) to
a set of referencing elements (e.g., textPaths).
The check that the vector element is valid relies on checking if the referencing
element is in m_elementDependencies. This check is allowed because in the
destructor of SVGTextPathElement (and SVGFeImageElement),
removeAllTargetReferencesForElement() is called, removing the referencing element
from m_elementDependencies.
Simply checking if the referencing element is anywhere in m_elementDependencies
is enough to show it is valid, but that requires iterating over all referenced
elements to see if the given referencing element is present. This change
only checks if the textPath is still in the elements referencing the
path being removed, and only removes the referenced element from
m_elementDependencies after forcing the referencing elements to be rebuilt.
Test: svg/text/textpath-reference-crash.html
* svg/SVGDocumentExtensions.cpp:
(WebCore::SVGDocumentExtensions::removeAllElementReferencesForTarget):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 120554
2012-06-15 Darin Adler <darin@apple.com>
REGRESSION (r111041): Missing element type check in RenderThemeMac::paintMediaFullscreenButton
https://bugs.webkit.org/show_bug.cgi?id=89270
Reviewed by Oliver Hunt.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintMediaFullscreenButton): Use the proper idiom for getting
a media control element's type.
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 119914
2012-06-09 Florin Malita <fmalita@chromium.org>
Fixed-position foreignObject descendants should be relative to the foreignObject viewport
https://bugs.webkit.org/show_bug.cgi?id=88547
Reviewed by Abhishek Arya.
Tests: svg/foreignObject/fO-fixed-position-crash.html
svg/foreignObject/fixed-position-expected.svg
svg/foreignObject/fixed-position.svg
Fixed position elements are currently registered with the top level
RenderView even when embedded within an SVG foreignOject. This patch
changes containingBlock() & container() to return the containing
foreignObject renderer instead.
The new foreignObject fixed position behavior matches that of current
FireFox and Opera versions and is consistent with the spec:
http://www.w3.org/TR/CSS2/visuren.html#fixed-positioninghttp://www.w3.org/TR/SVG/coords.html#EstablishingANewViewport
* rendering/RenderObject.cpp:
(WebCore::RenderObject::containingBlock):
(WebCore::RenderObject::container):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 119911
2012-06-09 Pablo Flouret <pablof@motorola.com>
The value in Access-Control-Allow-Origin is not being matched correctly for CORS-enabled requests
https://bugs.webkit.org/show_bug.cgi?id=88139
Reviewed by Adam Barth.
Compare a request's origin with the value given in any
Access-Control-Allow-Origin headers in an exact, case-sensitive manner,
instead of using SecurityOrigin::isSameSchemeHostPort(). Per step 3 of
the resource sharing check algorithm in
http://dvcs.w3.org/hg/cors/raw-file/tip/Overview.html#resource-sharing-check
Test: http/tests/xmlhttprequest/origin-exact-matching.html
* loader/CrossOriginAccessControl.cpp:
(WebCore::passesAccessControlCheck):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 119870
2012-06-08 Ryosuke Niwa <rniwa@webkit.org>
Crash in WebCore::InsertParagraphSeparatorCommand::doApply
https://bugs.webkit.org/show_bug.cgi?id=88108
Reviewed by Levi Weintraub.
Use NodeVector instead of walking through siblings as we mutate the DOM.
No new tests are added since there is no reliable reduction.
* editing/BreakBlockquoteCommand.cpp:
(WebCore::BreakBlockquoteCommand::doApply):
* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::moveRemainingSiblingsToNewParent):
(WebCore):
* editing/CompositeEditCommand.h:
(CompositeEditCommand):
* editing/InsertParagraphSeparatorCommand.cpp:
(WebCore::InsertParagraphSeparatorCommand::doApply):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 119439
2012-06-04 Jeffrey Pfau <jpfau@apple.com>
Document cleanup can get confused if parser still exists
https://bugs.webkit.org/show_bug.cgi?id=88250
Reviewed by Geoffrey Garen.
No new tests; no behavior changes.
* dom/Document.cpp:
(WebCore::Document::removedLastRef): Detach parser earlier
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 119050
2012-05-30 Abhishek Arya <inferno@chromium.org>
Crash in ContainerNode::parserAddChild.
https://bugs.webkit.org/show_bug.cgi?id=87903
Reviewed by Ryosuke Niwa.
Call the ChildNodeInsertionNotifier.notify call at the end since
it can destroy |this| and some of the local pointers like |last|.
This also matches the order of calls - childrenChanged precedes
ChildNodeInsertionNotifier.notify in updateTreeAfterInsertion and
ContainerNode::parserInsertBefore.
Also remove a FIXME since we use ChildNodeInsertionNotifier.notify
instead of ChildNodeInsertionNotifier.notifyInsertedIntoDocument
(as recommended in the FIXME).
Test: fast/dom/child-insertion-notify-crash.html
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::parserAddChild):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 118816
2012-05-29 Abhishek Arya <inferno@chromium.org>
Crash due to text fragment destruction when updating first-letter block.
https://bugs.webkit.org/show_bug.cgi?id=87751
Reviewed by Eric Seidel.
Test: fast/text/text-fragment-first-letter-update-crash.html
* rendering/RenderObject.cpp:
(WebCore::RenderObject::setStyle):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 118703
2012-05-28 Yong Li <yoli@rim.com>
Crash on incomplete :not().
https://bugs.webkit.org/show_bug.cgi?id=86673
Reviewed by Antti Koivisto.
Add back null-checks for incomplete :not() class
which were dropped by r81845.
* css/CSSSelector.cpp:
(WebCore::CSSSelector::specificityForOneSelector):
(WebCore::CSSSelector::selectorText):
* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::checkOneSelector):
(WebCore::SelectorChecker::determineLinkMatchType):
2012-08-02 Lucas Forschler <lforschler@apple.com>
Merge 118592
2012-05-25 Abhishek Arya <inferno@chromium.org>
Crash in RenderTableSection::paintCell.
https://bugs.webkit.org/show_bug.cgi?id=87445
Reviewed by Eric Seidel and Julien Chaffraix.
Fix the crash by preventing table parts from being set
as layout root. This prevents us from accessing removed
table cells which can happen if RenderTableSection::layout
is called directly without calling RenderTable::layout first
(in case of cell recalc).
Add ASSERTs to RenderTableSection::layout to prevent
layout to happen when we are already pending cell recalc
or our table is pending section recalc. In those cases,
RenderTable::layout should be called first to relayout
the entire table.
Test: tables/table-section-overflow-clip-crash.html
* rendering/RenderObject.cpp:
(WebCore::objectIsRelayoutBoundary):
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::layout):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 123637
2012-07-25 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=89114
REGRESSION (r112919): Setting scrollTop after setting display from none to block
fails
-and corresponding-
<rdar://problem/11656050>
Reviewed by Simon Fraser.
ScrollAnimatorMac::immediateScrollTo() and ScrollAnimatorMac::immediateScrollBy()
both have an optimization in place so that they do not call
notifyPositionChanged() if the new scroll offset matches the ScrollAnimator's
cached m_currentPosX and m_currentPosY. So revision 112919 caused troubled with
this optimization because it allowed RenderLayers to restore a scrollOffset from
the Element if there is one cached there. This caused the RenderLayer to have a
scrollOffset that is improperly out-of-synch with the ScrollAnimator's
currentPosition (which will just be 0,0 since it is being re-created like the
RenderLayer). This fix makes sure they are in synch by calling
setCurrentPosition() on the ScrollAnimator when the cached position is non-zero.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::RenderLayer):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 123486
2012-07-24 Dan Bernstein <mitz@apple.com>
<rdar://problem/11945102> REGRESSION (r109451): Overlay scrollbars always use the default style, regardless of background color
https://bugs.webkit.org/show_bug.cgi?id=92115
Reviewed by Mark Rowe.
* platform/Scrollbar.cpp:
(WebCore::Scrollbar::scrollbarOverlayStyle): Reversed an incorrect null check.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 123411
2012-07-23 Roger Fong <roger_fong@apple.com>
On Windows, if select element is off screen horizontally,
menu is either inappropriately resized or positioned offscreen.
https://bugs.webkit.org/show_bug.cgi?id=91913
<rdar://problem/7611229>
Reviewed by Tim Horton.
If the select element is positioned off the edge of the screen to the left,
the menu is resized. It should not be resized, just shifted to remain on the screen.
If the select element is positioned off the edge of the screen to the right,
the menu goes off screen instead of being shifted over to appear on screen.
This problem only occurs on Windows.
Test: ManualTests/win/select-menu-off-screen.html
* platform/win/PopupMenuWin.cpp:
(WebCore::PopupMenuWin::calculatePositionAndSize):
Modified final horizontal position calculation code to position
popup menu on screen if it would otherwise go off.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 122271
2012-07-10 Dean Jackson <dino@apple.com>
REGRESSION (r109610): Order of values in shorthand animation makes a difference
https://bugs.webkit.org/show_bug.cgi?id=84533
<rdar://problem/11831924>
<rdar://problem/11815787>
Reviewed by Simon Fraser.
A previous revision (r109610) updated the parsing of the animation shorthand
to make sure that animation-name wouldn't clobber other styles. The side effect
of this was that we'd no longer find animation-name if it wasn't first in the
list. This commit reverts the change and fixes it in a different way, by always
parsing animation-name as the last property in the shorthand. This means that
keywords for timing functions, fill modes and iteration will match before
animation name. In other words, if you want an animation called "forwards"
you should use the longhand property, because the shorthand will first match
that against animation-fill-mode.
Test: animations/animation-shorthand-name-order.html
* css/CSSParser.cpp:
(WebCore::CSSParser::parseAnimationShorthand): make a new array of longhand
properties to check for, with name as the last entry rather than the first.
Use this array to test the properties in the shorthand.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 122228
2012-07-10 Alice Cheng <alice_cheng@apple.com>
Editing: Reproducible crasher when pasting a 0x0 image into Mail
https://bugs.webkit.org/show_bug.cgi?id=90640
<rdar://problem/11141920>
Reviewed by Brady Eidson.
0x0 images don't get a resource representation in the WebArchive, so we need a null check
Test: TestWebKitAPI/Tests/mac/0.png
TestWebKitAPI/Tests/mac/WebViewCanPasteZeroPng.mm
* platform/mac/PasteboardMac.mm:
(WebCore::documentFragmentWithImageResource):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 122152
2012-07-09 Dean Jackson <dino@apple.com>
Tiled drawing means some elements can disappear behind the page
https://bugs.webkit.org/show_bug.cgi?id=88906
Reviewed by Simon Fraser.
The compositing layers in the tile cache could become siblings
of the compositing layers for page elements. This meant that in
some 3d transforms, the elements could disappear behind the
page background (which is rendered into the tile cache) or intersect
with the tile cache tiles.
Fix this by inserting a flattening layer between the tile cache
and the page, ensuring that the cache will always be rendered
first. I was able to reuse the clipping layer for this, because
the tile cache is attached to the RenderView, so there should never
be a case where we have both a clipping layer and tiles.
The unfortunate part of this code is the temporary state variable
that wraps the call to GraphicsLayer::create. Because that method
calls back into the object, we need to make sure we don't create
another tile cache.
Also added some obvious names to the tile cache layers to
help with debugging.
Test: compositing/tile-cache-must-flatten.html
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::TileCache): give the tile host layer a name.
(WebCore::TileCache::createTileLayer):
* platform/graphics/ca/mac/WebTileCacheLayer.mm:
(WebCore): give each tile layer a name.
* rendering/RenderLayerBacking.cpp:
(WebCore):
(WebCore::RenderLayerBacking::shouldUseTileCache): check if we're in the middle
of creating the primary graphics layer before answering.
(WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): wrap our call to
createGraphicsLayer with a message to indicate we are making the layer that should
get a tile cache.
(WebCore::RenderLayerBacking::destroyGraphicsLayers):
(WebCore::RenderLayerBacking::updateGraphicsLayerConfiguration): needs to make
sure the flattening layer is in the tree.
(WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
(WebCore::RenderLayerBacking::updateInternalHierarchy):
(WebCore::RenderLayerBacking::updateClippingLayers):
(WebCore::RenderLayerBacking::backingStoreMemoryEstimate):
* rendering/RenderLayerBacking.h: rename m_clippingLayer to m_containmentLayer
because it can now either be the clip or the tile cache flattener. Also
a new state property used when creating the main graphics layer.
(WebCore::RenderLayerBacking::hasClippingLayer):
(WebCore::RenderLayerBacking::clippingLayer):
(WebCore::RenderLayerBacking::parentForSublayers):
(WebCore::RenderLayerBacking::hasTileCacheFlatteningLayer):
(WebCore::RenderLayerBacking::tileCacheFlatteningLayer):
(RenderLayerBacking):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 122082
2012-07-05 MORITA Hajime <morrita@google.com>
Heap-use-after-free in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers
https://bugs.webkit.org/show_bug.cgi?id=90480
Reviewed by Kent Tamura.
If <select> has any insertion point, the attachment phase
unpextedly creates a renderer for distributed node and added to
the renderer of the <select>, which breaks an assumption and
results the crash.
This change tighten the childShouldCreateRenderer() to forbid
child renderers even from distributed nodes.
There is an exception as always: ValidationMessage can create a
ShadowRoot to <select>, which generates usually-forbidden child
renderers. This change introduces HTMLFormControlElement::validationMessageContains()
to let these renderers in.
Test: fast/dom/shadow/insertion-point-list-menu-crash.html
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::validationMessageContains):
(WebCore):
* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::childShouldCreateRenderer):
* html/ValidationMessage.cpp:
(WebCore::ValidationMessage::contains):
(WebCore):
* html/ValidationMessage.h:
(WebCore):
(ValidationMessage):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 121912
2012-07-05 Nate Chapin <japhet@chromium.org>
REGRESSION (r115654): Sometimes does not replace content for multipart/x-mixed-replace
https://bugs.webkit.org/show_bug.cgi?id=88436
Reviewed by Brady Eidson.
Test: http/tests/multipart/multipart-replace-non-html-content.php
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::commitData): We should only send receivedFirstData() once per main resource load,
rather than multiple times in a multipart load.
(WebCore::DocumentLoader::setupForReplaceByMIMEType): m_gotFirstByte isn't set to true until data is
actually committed, and multipart data is often not committed until the part is finished. Check
whether the SharedBuffer is non-null instead.
* testing/js/WebCoreTestSupport.cpp:
(WebCoreTestSupport::resetInternalsObject): The JSInternals object my have already been cleared if the window shell
was cleared as part of creation of a new Document. Check it before using it.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 121646
2012-07-01 Timothy Hatcher <timothy@apple.com>
Make the "Inspect Element" context menu item appear in nightly builds again.
rdar://problem/11702613
https://webkit.org/b/89323
Reviewed by Dan Bernstein.
* platform/ContextMenuItem.h:
Fix the order of the ContextMenuAction enum to be binary compatible with
older versions of WebKit.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 121645
2012-07-01 Dan Bernstein <mitz@apple.com>
<rdar://problem/11785743> [mac] Non-BMP characters in vertical text appear as missing glyphs
https://bugs.webkit.org/show_bug.cgi?id=90349
Reviewed by Dean Jackson.
Test: platform/mac/fast/text/vertical-surrogate-pair.html
* platform/graphics/mac/GlyphPageTreeNodeMac.cpp:
(WebCore::GlyphPage::fill): When calling wkGetVerticalGlyphsForCharacters or
CTFontGetGlyphsForCharacters with a buffer consisting of surrogate pair, account for those
functions’ behavior of placing glyphs at indices corresponding to the first character of
each pair.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 121643
2012-07-01 Kenichi Ishibashi <bashi@chromium.org>
Arabic shaping is incorrect if ZWNJ exist
https://bugs.webkit.org/show_bug.cgi?id=89843
Reviewed by Dan Bernstein.
mac port treats ZWJ (zero-width-joiner) and ZWNJ (zero-width-non-joiner) as a part of combining
character sequence. This could cause a problem when the font doesn't have glyph mapping of ZWJ and ZWNJ.
Suppose the text to be rendered is "U+0645(MEEM) U+06CC(FARSI YEH) U+200C(ZWNJ)". In this case, U+0645
and U+06CC are rendered in isolated form if the font doesn't have a glyph for ZWNJ. They should be joined.
This patch changes handling of ZWJ and ZWNJ. Treats ZWJ and ZWNJ as base characters so that a complex text
run isn't separate at the point of ZWJ and ZWNJ even the font doesn't contain glyphs for them.
If ComplexTextController finds ZWJ, it doesn't split the current complex text run.
Test: platform/mac/fast/text/arabic-zwj-and-zwnj.html
* platform/graphics/mac/ComplexTextController.cpp:
(WebCore::advanceByCombiningCharacterSequence): Don't treat ZWJ and ZWNJ as a part of combining character sequence.
(WebCore::ComplexTextController::collectComplexTextRuns): Set fontData to nextFontData if the baseCharacter is ZWJ.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 121299
2012-06-26 Alice Cheng <alice_cheng@apple.com>
Crash at WebCore::TextIterator::handleTextBox
https://bugs.webkit.org/show_bug.cgi?id=89526
<rdar://problem/10305315>
Reviewed by Darin Adler.
The range used for marking becomes invalid after SpellingCorrectionCommand, due to changes in the DOM made by ReplaceSelectionCommand.
This invalid range caused marking to be incorrect, and Mail.app to crash when iterating through the invalid range. To fix this,
recalculate the range for marking after SpellingCorrectionCommand.
Test: platform/mac/editing/spelling/autocorrection-blockquote-crash.html
* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::applyAlternativeTextToRange):
* editing/Editor.cpp: (WebCore::Editor::markAndReplaceFor):
* testing/Internals.cpp:
(WebCore):
(WebCore::Internals::hasAutocorrectedMarker):
* testing/Internals.h: (Internals):
* testing/Internals.idl:
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 120954
2012-06-21 Brady Eidson <beidson@apple.com>
<rdar://problem/11718988> and https://bugs.webkit.org/show_bug.cgi?id=89673
showModalDialog fix creates risk of never returning from RunLoop::performWork, potentially blocking other event sources
In case handling a function on the queue places additional functions on the queue, we should
limit the number of functions each invocation of performWork() performs so it can return and
other event sources have a chance to spin.
The showModalDialog fix in question is http://trac.webkit.org/changeset/120879
Reviewed by Darin Adler and Anders Carlson.
* platform/RunLoop.cpp:
(WebCore::RunLoop::performWork): If there are only N functions in the queue when performWork is called,
only handle up to N functions before returning. Any additional functions will be handled the next time
the runloop spins.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 120662
2012-06-18 Mike Lawther <mikelawther@chromium.org>
Crash when setting title dynamically
https://bugs.webkit.org/show_bug.cgi?id=88083
Reviewed by Dan Bernstein.
Test: fast/text/title-crash.html
The crashing code takes a rare branch in StyleResolver::styleForElement() where
m_parentStyle is set to point to m_style. Consequently, while applying properties
to m_style we end up mutating m_parentStyle.
In this situation, we clone style() and point m_parentStyle at the clone. The
clone is destroyed at the end of StyleResolver::styleForElement().
* css/StyleResolver.cpp:
(WebCore::StyleResolver::collectMatchingRulesForList):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 119409
2012-06-04 Abhishek Arya <inferno@chromium.org>
Crash in multi-column layout.
https://bugs.webkit.org/show_bug.cgi?id=88022
Reviewed by Ojan Vafai.
The patch addresses two problems::
1. |this| in RenderBlock::splitBlocks can get destroyed when we
move its children to the clone and later call updateBeforeAfterContent
on the parent. So, we stop accessing its member variables and cache
it in a local.
2. Positioned objects were not getting cleared from our grand parents.
This will happen if our immediate children got moved to a clone tree,
however at our parent nothing was moved. So, we make sure to remove
the positioned objects at every level while we are doing the cloning.
Tests: fast/multicol/span/empty-anonymous-block-split-crash.html
fast/multicol/span/positioned-objects-not-removed-crash.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::splitBlocks):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 119227
2012-06-01 Dan Bernstein <mitz@apple.com>
Layout not updated after setting -webkit-line-clamp to none
https://bugs.webkit.org/show_bug.cgi?id=88049
Reviewed by Abhishek Arya.
Test: fast/flexbox/line-clamp-removed-dynamically.html
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::styleWillChange): Added. Calls clearLineClamp if
line-clamp will change to none.
(WebCore::RenderDeprecatedFlexibleBox::clearLineClamp): Added. Marks possibly-clamped
children for layout and clears truncation from blocks.
* rendering/RenderDeprecatedFlexibleBox.h:
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 119184
2012-05-31 Tom Sepez <tsepez@chromium.org>
XSSAuditor bypass with leading /*///*/ comment
https://bugs.webkit.org/show_bug.cgi?id=88002
Reviewed by Adam Barth.
Fixes issue in xssauditor's parsing of /*/.
Test: http/tests/security/xssAuditor/script-tag-with-trailing-comment4.html
* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::decodedSnippetForJavaScript):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118542
2012-05-25 Ken Buchanan <kenrb@chromium.org>
Layout root not getting cleared for anonymous renderers geting destroyed
https://bugs.webkit.org/show_bug.cgi?id=84002
Reviewed by Abhishek Arya.
This is a follow-up to r109406, which added a check to clear layout
roots when they point to a renderer that is being destroyed. The
thinking was that layout roots would never be anonymous renderers,
but there are some cases where this is not true (in particular,
generated content containers with overflow clips can be layout roots).
As in r109406, this patch has no layout test. This is because any test
that exercises this behavior is caused by an existing layout bug where
a child is not properly getting layout (or a renderer is getting dirtied
out of order during layout) and will fail multiple ASSERTs:
in particular, ASSERT(!m_layoutRoot->container() || !m_layoutRoot->
container()->needsLayout()) in FrameView::scheduleRelayoutOfSubtree(),
and ASSERT_NOT_REACHED() in RenderObject::clearLayoutRootIfNeeded().
We are preventing those bugs from manifesting as security issues with
this patch.
This also removes an ASSERT from the RenderObject destructor. This is
redundant with the condition in RenderObject::clearLayoutRootIfNeeded()
which is always called in RenderObject::willBeDestroyed(), so the check
is not needed. It had to be removed because it fails when I try to
adjust the ASSERT condition by removing the !node()
check, due to RenderWidget clearing its node() during destruction.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::~RenderObject):
(WebCore::RenderObject::willBeDestroyed):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118478 (required 118143)
2012-05-24 Dominic Mazzoni <dmazzoni@google.com>
Crash in WebCore::AccessibilityTable::isDataTable
https://bugs.webkit.org/show_bug.cgi?id=87409
Reviewed by Abhishek Arya.
Use Node::rendererIsEditable everywhere rather than
Node::isContentEditable because the latter can trigger a layout
and destroy the renderer. New test covers the change to
AccessibilityTable.cpp, changes to AccessibilityRenderObject.cpp
are covered by existing tests.
Test: accessibility/contenteditable-table-check-causes-crash.html
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::isReadOnly):
(WebCore::AccessibilityRenderObject::contentChanged):
* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::isDataTable):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118471
2012-05-24 Hayato Ito <hayato@chromium.org>
Fix crashes caused by a DOMCharacterDataModified event on a text node.
https://bugs.webkit.org/show_bug.cgi?id=86953
Reviewed by Dimitri Glazkov.
TextNode can be released while CharacterData::setData() will dispatch a mutation event.
So protect it.
Mutation event itself should not be dispatched on the test case.
This is being tracked by webkit bug https://bugs.webkit.org/show_bug.cgi?id=87372.
Test: fast/events/dom-character-data-modified-textarea-crash.html
* dom/CharacterData.cpp:
(WebCore::CharacterData::setData):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118420
2012-05-24 Levi Weintraub <leviw@chromium.org>
Avoid creating InlineBoxes for floating and positioned objects in isolates.
https://bugs.webkit.org/show_bug.cgi?id=87277
Reviewed by Eric Seidel.
We currently will create a placeholder run for the first object we encounter inside an isolate. Then
in RenderBlockLineLayout's constructBidiRuns, we replace that run with the contents of the Isolate.
We run into problems when there are no valid contents in the Isolate. We can't simply remove the
placeholder if there's nothing to replace it with since it may be the logically last run, which we
track but can't rebuild by the time we're handling isolates (we've already shuffled the BidiRuns around).
With this change, we avoid creating a placeholder altogether until we hit contents in the isolate
that would warrant a BidiRun in the first place.
Test: fast/text/international/float-as-only-child-of-isolate-crash.html
* rendering/InlineIterator.h:
(WebCore::IsolateTracker::addFakeRunIfNecessary):
* rendering/RenderBlock.h:
(RenderBlock):
(WebCore::RenderBlock::shouldSkipCreatingRunsForObject):
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlock::appendRunsForObject):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118316
2012-05-23 Julien Chaffraix <jchaffraix@webkit.org>
Crash in RenderTableCol::nextColumn
https://bugs.webkit.org/show_bug.cgi?id=87314
Reviewed by Abhishek Arya.
Tests: fast/table/canvas-column-in-column-group.html
fast/table/columngroup-inside-columngroup.html
The issue comes from elements not abiding by the display property (e.g. canvas). This means
that any renderer with display: table-column would pass the current isChildAllowed check and
would confuse our algorithm to iterate.
We were getting away with allowing those children as table columns or column groups don't
paint themselves but it's better to just not allow such children in the first place.
* rendering/RenderTableCol.cpp:
(WebCore::RenderTableCol::isChildAllowed):
Fixed the logic to only accept proper column renderer (RenderTableCol with display: column
to ignore column-groups). Also removed an unneeded NULL-check.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118248
2012-05-23 Abhishek Arya <inferno@chromium.org>
Crash in RenderInline::linesVisualOverflowBoundingBox.
https://bugs.webkit.org/show_bug.cgi?id=85804
Reviewed by Dave Hyatt.
Defer layout of replaced elements to the next line break function.
We shouldn't do it while we are clearing our inline chilren
lineboxes in full layout mode.
Test: fast/block/inline-children-root-linebox-crash.html
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlock::layoutInlineChildren):
(WebCore::RenderBlock::LineBreaker::nextLineBreak):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118213
2012-05-23 Chris Fleizach <cfleizach@apple.com>
Regression(r112694): Crash in WebCore::AXObjectCache::postNotification
https://bugs.webkit.org/show_bug.cgi?id=86029
Reviewed by Abhishek Arya.
Test: accessibility/content-changed-notification-causes-crash.html
* accessibility/AccessibilityObject.h:
(WebCore::AccessibilityObject::isDetached):
(AccessibilityObject):
* accessibility/AccessibilityRenderObject.cpp:
(WebCore::AccessibilityRenderObject::contentChanged):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117792
2012-05-21 Stephen Chenney <schenney@chromium.org>
SVGAnimatedPropertyTearOff does not clear a self pointer on deletion
https://bugs.webkit.org/show_bug.cgi?id=86119
Reviewed by Nikolas Zimmermann.
SVGAnimatedPropertyTearOff contains two SVGPropertyTearOff objects
that have a pointer back to the SVGAnimatedPropertyTearOff. JS may
also have a reference to these SVGPropertyTearOff objects. When the
SVGAnimatedPropertyTearOff is deleted, the SVGPropertyTearOff objects
may live on, but the pointer back to the deleted animated property
tear off is left invalid. This patch clears the pointers on destruction
of the SVGAnimatedPropertyTearOff.
Test: svg/custom/bug86119.html
* svg/properties/SVGAnimatedPropertyTearOff.h:
(WebCore::SVGAnimatedPropertyTearOff::~SVGAnimatedPropertyTearOff):
(SVGAnimatedPropertyTearOff):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116653
2012-05-10 Abhishek Arya <inferno@chromium.org>
Crash in InsertParagraphSeparatorCommand::doApply.
https://bugs.webkit.org/show_bug.cgi?id=84995
Reviewed by Ryosuke Niwa.
Test: editing/inserting/insert-paragraph-seperator-crash.html
* editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::mergeParagraphs): no need of static cast, since
type of enclosingBlock returned is already Element*.
* editing/IndentOutdentCommand.cpp:
(WebCore::IndentOutdentCommand::tryIndentingAsListItem): no need of static cast, since
type of enclosingBlock returned is already Element*.
* editing/InsertParagraphSeparatorCommand.cpp:
(WebCore::InsertParagraphSeparatorCommand::doApply): RefPtr startBlock to guard against
mutation events.
* editing/htmlediting.cpp:
(WebCore::enclosingBlock): make sure type of enclosingNode is an element before doing
the static cast. This was already failing in a couple of layout tests. Also, isBlock
check already exists in the function call to enclosingNodeOfType, so don't need it
again on enclosingNode's renderer.
* editing/htmlediting.h:
(WebCore):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 118005
2012-05-22 Abhishek Arya <inferno@chromium.org>
Assertion failure (toRenderBox() called on a RenderInline) beneath RenderBlock::blockBeforeWithinSelectionRoot()
https://bugs.webkit.org/show_bug.cgi?id=86500
Reviewed by Ojan Vafai.
Patch by Dan Bernstein<mitz@apple.com>. I just added the test.
Test: fast/block/line-layout/selection-highlight-crash.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::blockBeforeWithinSelectionRoot): Demoted the object local variable to
RenderObject, changed use of parentBox() to parent(), and added toRenderBlock() in two places.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117957
2012-05-22 Hayato Ito <hayato@chromium.org>
Fix crashes when a mouse points a <svg> element in shadow DOM subtree.
https://bugs.webkit.org/show_bug.cgi?id=86795
Reviewed by Nikolas Zimmermann.
<svg> elements in shadow dom subtree are still not supported.
This fixes only crashes.
Test: fast/dom/shadow/shadow-dom-event-dispatching.html
* dom/EventDispatcher.cpp:
(WebCore::eventTargetRespectingSVGTargetRules):
* page/EventHandler.cpp:
(WebCore::instanceAssociatedWithShadowTreeElement):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117376
2012-05-16 James Robinson <jamesr@chromium.org>
CachedImage does not clear the ImageObserver pointer when dropping its Image ref
https://bugs.webkit.org/show_bug.cgi?id=86689
Reviewed by Eric Seidel.
Image instances keep a weak pointer to their ImageObserver, which may be null. CachedImage is an ImageObserver
and holds a RefPtr<Image> m_image. When CachedImage initializes its m_image to either an SVGImage or BitmapImage,
it sets itself as that Image's ImageObserver. However, CachedImage never clears the ImageObserver pointer, even
when dropping its reference to the Image. This means if other code holds a RefPtr<Image> there is no promise
that calls on that Image will be valid. This patch clears the CachedImage::m_image's ImageObserver pointer
whenever the CachedImage drops its reference. Image already has null checks for its m_imageObserver so this is
always a safe operation.
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::~CachedImage):
(WebCore::CachedImage::clear):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117309
2012-05-16 Ken Buchanan <kenrb@chromium.org>
Crash due to first-letter not getting computed on RenderTableCell
https://bugs.webkit.org/show_bug.cgi?id=86133
Reviewed by Abhishek Arya.
RenderTableCell overrides RenderBlock::layout() but doesn't call
updateFirstLetter() in it. This is normally not a problem because
updateFirstLetter() gets called during preferred logical width
computation, but there exist rare occasions when layout of the table
cell happens without preferred logical widths being dirty, in which
case the first-letter update can be skipped.
This patch adds a call to updateFirstLetter() to
RenderTableCell::layout(). This ensures that the first-letter is up
to date before commencing block layout.
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::layout)
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117304
2012-05-16 Abhishek Arya <inferno@chromium.org>
Missing RenderApplet cast check in HTMLAppletElement::renderWidgetForJSBindings.
https://bugs.webkit.org/show_bug.cgi?id=86627
Reviewed by Andreas Kling.
Test: java/inline-applet-crash.html
* html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::renderWidgetForJSBindings):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117289
2012-05-16 Rob Buis <rbuis@rim.com>
SVGSVGElement checkIntersection and checkEnclosure Mem corruption
https://bugs.webkit.org/show_bug.cgi?id=67923
Reviewed by Nikolas Zimmermann.
Only call checkIntersection/checkEnclosure when we have a valid renderer.
Test: svg/custom/intersection-list-null.svg
* svg/SVGSVGElement.cpp:
(WebCore::SVGSVGElement::checkIntersection):
(WebCore::SVGSVGElement::checkEnclosure):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117161
2012-05-15 Abhishek Arya <inferno@chromium.org>
Crash due shadow tree parent confusion in SVG.
https://bugs.webkit.org/show_bug.cgi?id=84248
Reviewed by Nikolas Zimmermann.
Test: svg/foreignObject/viewport-foreignobject-crash.html
When we try to make a decision on whether we need an outer
SVGRoot container, we detect if we are in shadow tree or not.
We also need to make sure that our parentOrHostElement is also
an svg element.
* svg/SVGElement.cpp:
(WebCore::SVGElement::isOutermostSVGSVGElement):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 117007
2012-05-14 Takashi Sakamoto <tasak@google.com>
Crash in WebCore::RenderObject::repaint
https://bugs.webkit.org/show_bug.cgi?id=86162
Reviewed by Abhishek Arya.
As RenderScrollbarPart has no parent renderer, we crash in
WebCore::RenderBoxModelObject::paddingLeft when paddingLeft has
percent value, e.g. 5%. However if we set the scrollbar's parent
renderer to a renderer owning the scrollbar by using setParent method,
RenderScrollbarPart::styleWillChange will invoke parent renderer's
repaint. This causes crash in WebCore::RenderObject::repaint if the
owning renderer is already destroyed.
To fix the first crash without the second crash, modify
RenderObject::containingBlock() to check isRenderScrollbarPart or not,
if parent() is 0.
If so, use scrollbar's owningRenderer from RenderScrollbarPart.
Test: scrollbars/scrollbar-percent-padding-crash.html
scrollbars/scrollbar-scrollbarparts-repaint-crash.html
* rendering/RenderObject.cpp:
(WebCore::RenderObject::containingBlock):
Modifying containingBlock. If parent() is 0 and isRenderScrollbarPart()
is true, use RenderScrollbarPart's m_scrollbar->owningRenderer()
instead of parent().
* rendering/RenderObject.h:
(WebCore::RenderObject::isRenderScrollbarPart):
(RenderObject):
Adding a new method, isRenderScrollbarPart.
* rendering/RenderScrollbarPart.cpp:
(WebCore::RenderScrollbarPart::rendererOwningScrollbar):
(WebCore):
Adding a new method, scrollbarOwningRenderer to obtain m_scrollar's
owningRenderer.
* rendering/RenderScrollbarPart.h:
(RenderScrollbarPart):
Removing "friend class RenderScrollbar".
(WebCore::RenderScrollbarPart::isRenderScrollbarPart):
(WebCore::toRenderScrollbarPart):
(WebCore):
Implementing isRenderScrollbarPart and toRenderScrollbarPart.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116860
2012-05-12 Philip Rogers <pdr@google.com>
Cleanup before changing attributeName in SVG <animate>
https://bugs.webkit.org/show_bug.cgi?id=86100
Reviewed by Nikolas Zimmermann.
Changing attributeName caused a crash because references were not removed from the old target.
This change simply cleans up before changing attributeName in SVG animation elements.
Test: svg/animations/dynamic-modify-attributename-crash.svg
* svg/animation/SVGSMILElement.cpp:
(WebCore::SVGSMILElement::svgAttributeChanged):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116827
2012-05-11 David Barton <dbarton@mathscribe.com>
use after free in WebCore::RenderObject::document
https://bugs.webkit.org/show_bug.cgi?id=84891
Reviewed by Julien Chaffraix.
Change RenderMathMLFenced::addChild() to use the beforeChild parameter. When beforeChild
is 0, insert child renderers before the closing fence, which might not be the same as
this->lastChild(), e.g. possibly due to anonymous blocks or generated content.
Tests: mathml/presentation/mfenced-add-child1-expected.html
mathml/presentation/mfenced-add-child1.html
mathml/presentation/mfenced-add-child2-expected.html
mathml/presentation/mfenced-add-child2.html
* rendering/mathml/RenderMathMLFenced.cpp:
(WebCore::RenderMathMLFenced::RenderMathMLFenced):
(WebCore::RenderMathMLFenced::makeFences):
(WebCore::RenderMathMLFenced::addChild):
* rendering/mathml/RenderMathMLFenced.h:
(RenderMathMLFenced):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116717
2012-05-10 Abhishek Arya <inferno@chromium.org>
Crash in swapInNodePreservingAttributesAndChildren.
https://bugs.webkit.org/show_bug.cgi?id=85197
Reviewed by Ryosuke Niwa.
Keep the children in a ref vector before adding them to newNode.
They can get destroyed due to mutation events.
No new tests because we don't have a reduction.
* editing/ReplaceNodeWithSpanCommand.cpp:
(WebCore::swapInNodePreservingAttributesAndChildren):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116698
2012-05-10 Abhishek Arya <inferno@chromium.org>
Crash in FontCache::releaseFontData due to infinite float size.
https://bugs.webkit.org/show_bug.cgi?id=86110
Reviewed by Andreas Kling.
New callers always forget to clamp the font size, which overflows
to infinity on multiplication. It is best to clamp it at the end
to avoid getting greater than std::numeric_limits<float>::max().
Test: fast/css/large-font-size-crash.html
* platform/graphics/FontDescription.h:
(WebCore::FontDescription::setComputedSize):
(WebCore::FontDescription::setSpecifiedSize):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116683
2012-05-10 Abhishek Arya <inferno@chromium.org>
Crash due to floats not removed from first-letter element.
https://bugs.webkit.org/show_bug.cgi?id=86019
Reviewed by Julien Chaffraix.
Move clearing logic of a floating/positioned object from removeChild
to removeChildNode. There are lot of places which use removeChildNode
directly and hence the object is not removed from the floating or
positioned objects list.
Test: fast/block/float/float-not-removed-from-first-letter.html
* rendering/RenderObject.cpp:
(WebCore::RenderObject::removeChild):
* rendering/RenderObjectChildList.cpp:
(WebCore::RenderObjectChildList::removeChildNode):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116669
2012-05-10 Abhishek Arya <inferno@chromium.org>
Crash in ApplyStyleCommand::joinChildTextNodes.
https://bugs.webkit.org/show_bug.cgi?id=85939
Reviewed by Ryosuke Niwa.
Test: editing/style/apply-style-join-child-text-nodes-crash.html
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyRelativeFontStyleChange): add conditions
to bail out if our start and end position nodes are removed due to
mutation events in joinChildTextNodes.
(WebCore::ApplyStyleCommand::applyInlineStyle): this executes after
applyRelativeFontStyleChange in ApplyStyleCommand::doApply. So, need
to bail out if our start and end position nodes are removed due to
mutation events.
(WebCore::ApplyStyleCommand::joinChildTextNodes): hold all the children
in a ref vector to prevent them from getting destroyed due to mutation events.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116647
2012-05-10 Stephen Chenney <schenney@chromium.org>
SVG Filters allow invalid elements as children
https://bugs.webkit.org/show_bug.cgi?id=83979
Reviewed by Nikolas Zimmermann.
According to the SVG spec, there are numerous restrictions on the
content of nodes (that is, their children). Specific to this problem,
SVGFilter elements may only contain SVGFilterPrimitive elements, and
those may only contain animation related elements. This patch enforces
the restriction on filters in the render tree, thus preventing us from
having (for instance) content that is inside a filter yet filtered by
the filter.
Manual test: ManualTests/bugzilla-83979.svg
* svg/SVGFilterElement.cpp:
(WebCore::SVGFilterElement::childShouldCreateRenderer): Added to only allow renderers for fe* children
(WebCore):
* svg/SVGFilterElement.h:
(SVGFilterElement):
* svg/SVGFilterPrimitiveStandardAttributes.h: Do not allow any children at all for fe* elements.
(SVGFilterPrimitiveStandardAttributes):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116642
2012-05-10 Keishi Hattori <keishi@webkit.org>
Crash in HTMLFormControlElement::m_fieldSetAncestor
https://bugs.webkit.org/show_bug.cgi?id=86070
Reviewed by Kent Tamura.
No new tests.
The previous patch r115990 didn't completely resolve the crash (Bug 85453)
We don't have a reproducible test case, so we are reverting to the old code for setting m_fieldSetAncestor.
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::HTMLFormControlElement):
(WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor):
(WebCore::HTMLFormControlElement::insertedInto): Set m_dataListAncestorState to Unknown because ancestor has changed. Call setNeedsWillValidateCheck because style might need to be updated.
(WebCore::HTMLFormControlElement::removedFrom):
(WebCore::HTMLFormControlElement::disabled):
(WebCore::HTMLFormControlElement::recalcWillValidate):
(WebCore::HTMLFormControlElement::willValidate):
(WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
* html/HTMLFormControlElement.h:
(HTMLFormControlElement): Added m_dataListAncestorState.
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116551
2012-05-09 Ken Buchanan <kenrb@chromium.org>
Crash from removal of a line break object
https://bugs.webkit.org/show_bug.cgi?id=85997
Reviewed by David Hyatt.
Regression from r115343. That replaced a call to setNeedsLayout()
with a separate call that used a different bit during linebox
invalidation after renderer child removal. There are special cases
where layout isn't marked on parent nodes just from the removal, so
line dirtying needs to explicitly mark ancestors for layout.
* rendering/RenderObject.h:
(WebCore::RenderObject::setAncestorLineBoxDirty):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116545
2012-05-09 Abhishek Arya <inferno@chromium.org>
Crash in ReplaceSelectionCommand::performTrivialReplace
https://bugs.webkit.org/show_bug.cgi?id=85943
Reviewed by Ryosuke Niwa.
RefPtr nodeAfterInsertionPos to guard against mutation events.
Test: editing/inserting/insert-html-crash.html
* editing/ReplaceSelectionCommand.cpp:
(WebCore::ReplaceSelectionCommand::performTrivialReplace):
2012-07-30 Lucas Forschler <lforschler@apple.com>
Merge 116476
2012-05-08 Abhishek Arya <inferno@chromium.org>
Crash due to owning renderer not removed from custom scrollbar.
https://bugs.webkit.org/show_bug.cgi?id=80610
Reviewed by Eric Seidel.
Test: scrollbars/scrollbar-owning-renderer-crash.html
Changed RenderScrollbar to keep pointer to owning node, instead of the
renderer. Renderer can get destroyed without informing the scrollbar, causing
crashes later. Remove code from r94107 since it is not needed anymore and saves
times when RenderBox is getting destroyed.
* page/FrameView.cpp:
(WebCore::FrameView::createScrollbar): pass renderer's node.
* page/FrameView.h:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::willBeDestroyed): no longer need this. came originally from r94107.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::createScrollbar): pass renderer's node.
(WebCore::RenderLayer::destroyScrollbar): no longer need to clear owning renderer.
* rendering/RenderListBox.cpp:
(WebCore::RenderListBox::createScrollbar): pass renderer's node.
* rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::createScrollbar): pass renderer's node.
* rendering/RenderScrollbar.cpp:
(WebCore::RenderScrollbar::createCustomScrollbar): Store owner node instead of renderer.
(WebCore::RenderScrollbar::RenderScrollbar): Store owner node instead of renderer.
(WebCore::RenderScrollbar::owningRenderer): calculate owning renderer from owner node.
* rendering/RenderScrollbar.h:
(RenderScrollbar):
* rendering/RenderTextControlSingleLine.cpp:
(WebCore::RenderTextControlSingleLine::createScrollbar): pass renderer's node.
2012-07-27 Lucas Forschler <lforschler@apple.com>
Merge 116357
2012-05-07 Ken Buchanan <kenrb@chromium.org>
Crash due to positioned object list not being cleared during block flow split
https://bugs.webkit.org/show_bug.cgi?id=85074
Reviewed by Abhishek Arya.
When an element is being split due to a column span element being
inserted, any of its ancestors that are underneath the column
containing block also get split. If an ancestor has an object in
its positioned object list from a previous layout, then the list
will have to be cleared because the positioned object could have moved
to be under the continuation. This patch causes the list to be
cleared.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::splitBlocks):
2012-07-26 Lucas Forschler <lforschler@apple.com>
Merge 116325
2012-05-07 Abhishek Arya <inferno@chromium.org>
Crash in RenderBlock::updateFirstLetterStyle.
https://bugs.webkit.org/show_bug.cgi?id=85759
Reviewed by Julien Chaffraix.
Test: fast/css-generated-content/first-letter-next-sibling-crash.html
RenderBlock::removeChild can bring up the children from last single anonymous block,
causing |nextSibling| in RenderBlock::updateFirstLetterStyle to go stale. We prevent
this by removing the child safely using removeChildNode before destroying it.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::updateFirstLetterStyle):
2012-06-22 Lucas Forschler <lforschler@apple.com>
Rollout 121034
This was 120954 from trunk.
2012-06-22 Lucas Forschler <lforschler@apple.com>
Merge 120954
2012-06-21 Brady Eidson <beidson@apple.com>
<rdar://problem/11718988> and https://bugs.webkit.org/show_bug.cgi?id=89673
showModalDialog fix creates risk of never returning from RunLoop::performWork, potentially blocking other event sources
In case handling a function on the queue places additional functions on the queue, we should
limit the number of functions each invocation of performWork() performs so it can return and
other event sources have a chance to spin.
The showModalDialog fix in question is http://trac.webkit.org/changeset/120879
Reviewed by Darin Adler and Anders Carlson.
* platform/RunLoop.cpp:
(WebCore::RunLoop::performWork): If there are only N functions in the queue when performWork is called,
only handle up to N functions before returning. Any additional functions will be handled the next time
the runloop spins.
2012-06-20 Lucas Forschler <lforschler@apple.com>
Merge 120879
2012-06-20 Brady Eidson <beidson@apple.com>
<rdar://problem/11653784> and https://bugs.webkit.org/show_bug.cgi?id=89590
showModalDialog message handling is flaky in WebKit2
Because RunLoop::performWork() swaps the function queue to a temporary Vector before calling
the functions an inner run-loop - such as we see with running a modal dialog - does not have
a change to handle any of the functions that were queued after the WebPageProxy::RunModal message.
By servicing the functions in the queue one at a time we can give the RunLoop a chance to pick up
where it left off if RunLoop::performWork is re-entered.
To guarantee RunLoop::performWork is re-entered to handle those functions we also need to signal
its source before entering the modal run loop so our RunLoop is woken up.
Reviewed by Darin Adler.
* WebCore.exp.in:
* platform/RunLoop.cpp:
(WebCore::RunLoop::performWork): Take the first function off the queue one at a time so subsequent
functions remain in the queue and can be handled by an inner modal run loop.
* platform/RunLoop.h:
(RunLoop): Change the function queue to be a Deque to efficiently support "takeFirst"
2012-06-12 Lucas Forschler <lforschler@apple.com>
Merge 120364
2012-06-14 Andreas Kling <kling@webkit.org>
Crashes below IconDatabase::performPendingRetainAndReleaseOperations().
<http://webkit.org/b/88846>
<rdar://problem/11629106>
Reviewed by Brady Eidson.
Put isolatedCopy() strings in the retain/release operation queues to make sure it's safe
for secondary threads to ref/deref them in performPendingRetainAndReleaseOperations().
Also added assertions as appropriate.
* loader/icon/IconDatabase.cpp:
(WebCore::IconDatabase::retainIconForPageURL):
(WebCore::IconDatabase::releaseIconForPageURL):
(WebCore::IconDatabase::performPendingRetainAndReleaseOperations):
2012-06-12 Lucas Forschler <lforschler@apple.com>
Merge 120357
2012-06-14 Jia Pu <jpu@apple.com>
Mark text with text alternative with blue underline.
https://bugs.webkit.org/show_bug.cgi?id=83047
Reviewed by Enrica Casucci.
Tests: platform/mac/editing/input/edit-dictated-text-with-alternative.html
platform/mac/editing/input/insert-dictated-text.html
This patch implements visual indication on dictated text with alternatives, and provides UI
to show alternative text on OS X. Majority of the changes is for generalizing existing AlternativeTextController
class to handle dictation alternatives. The two new classes, AlternativeTextUIController and
TextAlternativeWithRange, are used by both WebKit and WK2. So WebCore seems to be the natural place
for them.
* WebCore.exp.in:
* WebCore.xcodeproj/project.pbxproj:
* editing/AlternativeTextController.cpp: Expanded exising class interface to support dictation alternatives.
(DictationAlternativeDetails): Marker detail class for dictation alternative mark.
(WebCore::DictationAlternativeDetails::create):
(WebCore::DictationAlternativeDetails::dictationContext):
(WebCore::DictationAlternativeDetails::DictationAlternativeDetails):
(WebCore::markerTypesForAppliedDictationAlternative):
(WebCore::AlternativeTextController::applyAlternativeTextToRange): Generalized existing applyAlternativeTextToRange() to handle dictation alternatives.
(WebCore::AlternativeTextController::timerFired): Expanded existing code to handle dictation alternatives.
(WebCore::AlternativeTextController::handleAlternativeTextUIResult): Expanded existing code to handle dictation alternatives.
(WebCore::AlternativeTextController::respondToChangedSelection): Moved part of the function into respondToMarkerAtEndOfWord() to improve readability.
(WebCore::AlternativeTextController::shouldStartTimerFor):
(WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
(WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
(WebCore::AlternativeTextController::removeDictationAlternativesForMarker):
(WebCore::AlternativeTextController::dictationAlternativesForMarker):
(WebCore::AlternativeTextController::applyDictationAlternative):
* editing/AlternativeTextController.h:
* editing/Editor.cpp:
(WebCore::Editor::notifyComponentsOnChangedSelection): Renamed existing respondToChangedSelection() function to avoid naming collision.
(WebCore::Editor::appliedEditing):
(WebCore::Editor::unappliedEditing):
(WebCore::Editor::reappliedEditing):
(WebCore::Editor::updateMarkersForWordsAffectedByEditing):
(WebCore::Editor::changeSelectionAfterCommand):
(WebCore::Editor::respondToChangedSelection):
(WebCore::Editor::dictationAlternativesForMarker):
(WebCore::Editor::applyDictationAlternativelternative):
* editing/Editor.h:
* editing/FrameSelection.h:
* editing/mac/AlternativeTextUIController.h: Added. WK1 and WK2 use this class to keep track of text alternatives objects.
(AlternativeTextUIController):
(WebCore::AlternativeTextUIController::AlternativeTextUIController):
(AlernativeTextContextController):
(WebCore::AlternativeTextUIController::AlernativeTextContextController::AlernativeTextContextController):
* editing/mac/AlternativeTextUIController.mm: Added.
(WebCore::AlternativeTextUIController::AlernativeTextContextController::addAlternatives):
(WebCore::AlternativeTextUIController::AlernativeTextContextController::alternativesForContext):
(WebCore::AlternativeTextUIController::AlernativeTextContextController::removeAlternativesForContext):
(WebCore::AlternativeTextUIController::AlernativeTextContextController::clear):
(WebCore::AlternativeTextUIController::addAlternatives):
(WebCore::AlternativeTextUIController::alternativesForContext):
(WebCore::AlternativeTextUIController::clear):
(WebCore::AlternativeTextUIController::showAlternatives):
(WebCore::AlternativeTextUIController::handleAcceptedAlternative):
(WebCore::AlternativeTextUIController::dismissAlternatives):
(WebCore::AlternativeTextUIController::removeAlternatives):
* editing/mac/TextAlternativeWithRange.h: Added. A simple struct to make it easier to pass around a pair of text alternatives object and range.
* editing/mac/TextAlternativeWithRange.mm: Added.
(WebCore::TextAlternativeWithRange::TextAlternativeWithRange):
(WebCore::collectDictationTextAlternatives):
* page/AlternativeTextClient.h:
* page/ContextMenuController.cpp: Added code to show alternative dictated text in context menu.
(WebCore::ContextMenuController::contextMenuItemSelected):
(WebCore::ContextMenuController::populate):
(WebCore::ContextMenuController::checkOrEnableIfNeeded):
* platform/ContextMenuItem.h:
* rendering/HitTestResult.cpp:
(WebCore::HitTestResult::dictationAlternatives):
* rendering/HitTestResult.h:
* rendering/InlineTextBox.cpp:
(WebCore::InlineTextBox::paintDocumentMarker):
2012-06-12 Lucas Forschler <lforschler@apple.com>
Merge 119739
2012-06-07 Jer Noble <jer.noble@apple.com>
sometimes all slaved videos don't start playing
https://bugs.webkit.org/show_bug.cgi?id=88553
Reviewed by Darin Adler.
Test: media/media-controller-time-clamp.html
Some PlatformClock classes will occasionally return times < 0 and will
always return times slightly > duration() when playback has ended. Clamp
the value of currentTime() to the specified [0..duration] range.
* html/MediaController.cpp:
(MediaController::currentTime):
2012-06-12 Lucas Forschler <lforschler@apple.com>
Merge 119644
2012-06-06 Brady Eidson <beidson@apple.com>
<rdar://problem/11575112> and https://bugs.webkit.org/show_bug.cgi?id=88428
REGRESSION (r115654): Opening many non-English WebArchives shows obvious encoding issues
Reviewed by Nate Chapin.
Test: fast/loader/webarchive-encoding-respected.html
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::commitData): Properly set the main resource encoding from the webarchive.
2012-06-06 Mark Rowe <mrowe@apple.com>
Merge r119548.
2012-06-05 Vitaly Buka <vitalybuka@chromium.org>
Special layout handler should be done on top frame being printed.
https://bugs.webkit.org/show_bug.cgi?id=88201
Reviewed by Brady Eidson.
No new tests. Root case is already covered by tests.
Case described in the issue can be reproduced only by direct call
to Frame::setPrinting of subframe. Probably it's not possible with
layout tests.
* page/Frame.cpp:
(WebCore::Frame::setPrinting):
Use shouldUsePrintingLayout to choose proper version of forceLayout().
(WebCore::Frame::shouldUsePrintingLayout):
Checks if current frame is the top frame being printed.
* rendering/RenderView.cpp:
(WebCore::RenderView::shouldUsePrintingLayout): Forward to Frame.
2012-06-06 Mark Rowe <mrowe@apple.com>
Merge r119136.
2012-05-31 Brady Eidson <beidson@apple.com>
<rdar://problem/11544454> and https://bugs.webkit.org/show_bug.cgi?id=87990
Crashes unregistering DOMWindowProperties while releasing CachedPages
Reviewed by Jessie Berlin.
This patch rewrites DOMWindowProperty to always keep direct track of the DOMWindow
it has registered with and to only ever unregister from that very same DOMWindow.
No new tests. (While the direct cause of the crash is understood, reproducing it is not)
* page/DOMWindowProperty.cpp:
(WebCore::DOMWindowProperty::DOMWindowProperty):
(WebCore::DOMWindowProperty::~DOMWindowProperty):
(WebCore::DOMWindowProperty::disconnectFrameForPageCache):
(WebCore::DOMWindowProperty::reconnectFrameFromPageCache):
(WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame):
(WebCore::DOMWindowProperty::willDestroyGlobalObjectInFrame):
(WebCore::DOMWindowProperty::willDetachGlobalObjectFromFrame):
* page/DOMWindowProperty.h:
(DOMWindowProperty):
2012-06-06 Mark Rowe <mrowe@apple.com>
Merge r119274.
2012-06-01 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=87774
REGRESSION (r105515): reflection masks are truncated at zoom levels < 1
-and corresponding-
<rdar://problem/11387506>
Reviewed by Simon Fraser.
paintNinePieceImage() expects un-zoomed results from
calculateImageIntrinsicDimensions(). This was previously addressed by having
paintNinePieceImage() divide the effective zoom out of the result from
calculateImageIntrinsicDimensions(). However, that results in buggy behavior for
generated images and images with percentage sizes. In the end it seems best to
just send a parameter to calculateImageIntrinsicDimensions() indicating whether
the caller wants the result to be scaled by the effective zoom when appropriate.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::calculateImageIntrinsicDimensions):
(WebCore::RenderBoxModelObject::calculateFillTileSize):
(WebCore::RenderBoxModelObject::paintNinePieceImage):
* rendering/RenderBoxModelObject.h:
(RenderBoxModelObject):
2012-05-31 Tim Horton <timothy_horton@apple.com>
Disable CSS regions and exclusions on the Ampere branch
<rdar://problem/10887709>
Reviewed by Alexey Proskuryakov.
Fix mismerge of regions-disabling patch (broke -webkit-print-color-adjust)
* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
* dom/Document.idl:
2012-05-31 Ojan Vafai <ojan@chromium.org>
add back the ability to disable flexbox
https://bugs.webkit.org/show_bug.cgi?id=87147
Reviewed by Tony Chang.
* Configurations/FeatureDefines.xcconfig:
* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
2012-05-31 Tim Horton <timothy_horton@apple.com>
Disable CSS3 flexbox
<rdar://problem/11524921>
Reviewed by John Sullivan.
* Configurations/FeatureDefines.xcconfig:
2012-05-31 Tim Horton <timothy_horton@apple.com>
ENABLE_CSS3_FLEXBOX is insufficient to disable all web-facing bits of the feature
https://bugs.webkit.org/show_bug.cgi?id=87537
<rdar://problem/11524921>
Reviewed by Simon Fraser.
Allow the feature flag to disable more web-facing parts of the CSS3 flexbox
implementation (primarily fallout from hiding it from computed style).
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
(WebCore::isKeywordPropertyID):
(WebCore::CSSParser::parseValue):
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
* css/CSSProperty.cpp:
(WebCore::CSSProperty::isInheritedProperty):
* css/CSSPropertyNames.in:
* css/CSSValueKeywords.in:
* css/StyleBuilder.cpp:
(WebCore::StyleBuilder::StyleBuilder):
* css/StylePropertySet.cpp:
(WebCore::StylePropertySet::getPropertyValue):
(WebCore::StylePropertySet::asText):
* css/StylePropertyShorthand.cpp:
(WebCore::shorthandForProperty):
* css/StylePropertyShorthand.h:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::collectMatchingRulesForList):
* page/animation/CSSPropertyAnimation.cpp:
(WebCore::CSSPropertyAnimation::ensurePropertyMap):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::createObject):
* rendering/style/RenderStyleConstants.h:
2012-05-31 Tim Horton <timothy_horton@apple.com>
Add feature defines for web-facing parts of CSS Regions and Exclusions
https://bugs.webkit.org/show_bug.cgi?id=87442
<rdar://problem/10887709>
Reviewed by Dan Bernstein.
* Configurations/FeatureDefines.xcconfig:
* GNUmakefile.am:
* bindings/generic/RuntimeEnabledFeatures.cpp:
* bindings/generic/RuntimeEnabledFeatures.h:
(RuntimeEnabledFeatures):
(WebCore::RuntimeEnabledFeatures::setCSSExclusionsEnabled):
(WebCore::RuntimeEnabledFeatures::cssExclusionsEnabled):
* bindings/js/JSCSSRuleCustom.cpp:
(WebCore::toJS):
* bindings/objc/DOMCSS.mm:
(kitClass):
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
* css/CSSParser.cpp:
(WebCore::isSimpleLengthPropertyID):
(WebCore::isValidKeywordPropertyAndValue):
(WebCore::isKeywordPropertyID):
(WebCore::CSSParser::parseValue):
(WebCore::CSSParser::detectAtToken):
* css/CSSProperty.cpp:
(WebCore::CSSProperty::isInheritedProperty):
* css/CSSPropertyNames.in:
* css/CSSRule.cpp:
(WebCore::CSSRule::cssText):
(WebCore::CSSRule::destroy):
(WebCore::CSSRule::reattach):
* css/CSSRule.h:
(WebCore::CSSRule::isRegionRule):
* css/CSSRule.idl:
* css/StyleBuilder.cpp:
(WebCore::StyleBuilder::StyleBuilder):
* css/StylePropertySet.cpp:
(WebCore::StylePropertySet::getPropertyValue):
(WebCore::StylePropertySet::asText):
* css/StylePropertyShorthand.cpp:
(WebCore::shorthandForProperty):
* css/StylePropertyShorthand.h:
* css/StyleResolver.cpp:
(WebCore::StyleResolver::collectMatchingRulesForList):
* css/StyleRule.cpp:
(WebCore::StyleRuleBase::destroy):
(WebCore::StyleRuleBase::copy):
(WebCore::StyleRuleBase::createCSSOMWrapper):
* css/WebKitCSSRegionRule.cpp:
* css/WebKitCSSRegionRule.h:
* css/WebKitCSSRegionRule.idl:
* dom/Document.cpp:
* dom/Document.h:
* dom/Document.idl:
* page/DOMWindow.idl:
* page/Settings.cpp:
(WebCore::Settings::Settings):
* page/Settings.h:
(WebCore::Settings::setCSSRegionsEnabled):
(WebCore::Settings::cssRegionsEnabled):
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118891
2012-05-29 Yoshifumi Inoue <yosin@chromium.org>
REGRESSION(r111497): The "option" element doesn't match CSS pseudo class :enabled
https://bugs.webkit.org/show_bug.cgi?id=87719
Reviewed by Kent Tamura.
This patch added checking of "option" element for CSS pseudo class :enabled as same as
:disabled to selector checker. Before r111497, it was done by using isFormControlElement.
After that revision, HTMLOptionElement was no longer derived from HTMLFormControlElement.
Test: fast/form/select/optgroup-rendering.html
* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::checkOneSelector): Checking element is option element as same
as PseudoDisabled in PseudoEnabled case.
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118883
2012-05-29 Eric Seidel <eric@webkit.org>
Fix ENABLE_IFRAME_SEAMLESS to actually fully disable <iframe seamless>
https://bugs.webkit.org/show_bug.cgi?id=87646
Reviewed by Adam Barth.
In the process of moving the seamless feature out of github and into bugs.webkit.org
multiple versions of the shouldDisplaySeamlessly function got written
(and moved from HTMLIFrameElement to Document), but only one of them was wrapped
in ENABLE_IFRAME_SEAMLESS. HTMLIFrameElement was checking mayDisplaySeamlessly
directly (as was my original design), which got around the ENABLE_IFRAME_SEAMLESS check.
I've fixed this oversight, and the feature is now off when we tell it to be off.
This is covered by many existing tests. I've verified locally that
all tests fail when ENABLE_IFRAME_SEAMLESS is disabled instead of
only some of them.
* dom/SecurityContext.h:
(SecurityContext):
* html/HTMLIFrameElement.cpp:
(WebCore::HTMLIFrameElement::shouldDisplaySeamlessly):
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118820
2012-05-29 John Sullivan <sullivan@apple.com>
Update label for blacklisted plug-in
https://bugs.webkit.org/show_bug.cgi?id=87767
rdar://problem/11550048
Reviewed by Kevin Decker.
* English.lproj/Localizable.strings:
Regenerated.
* platform/LocalizedStrings.cpp:
(WebCore::insecurePluginVersionText):
Changed this string.
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118553
2012-05-25 Dean Jackson <dino@apple.com>
Unreviewed, rolling out r112155.
http://trac.webkit.org/changeset/112155https://bugs.webkit.org/show_bug.cgi?id=79389
Hitch (due to style recalc?) when starting CSS3 animation
This caused a number of issues, including:
https://bugs.webkit.org/show_bug.cgi?id=87146https://bugs.webkit.org/show_bug.cgi?id=84194
<rdar://problem/11506629>
<rdar://problem/11267408>
<rdar://problem/11531859>
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118450
2012-05-24 Anders Carlsson <andersca@apple.com>
Corrupted pages rendering when images are zoomed on Google+
https://bugs.webkit.org/show_bug.cgi?id=87439
<rdar://problem/11503078>
Reviewed by Beth Dakin.
The rect that's given to scrollContentsSlowPath is in frame view coordinates, but if we end up
passing them to RenderLayer::setBackingNeedsRepaintInRect we need to account for the frame scale factor.
* page/FrameView.cpp:
(WebCore::FrameView::scrollContentsSlowPath):
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118411
2012-05-24 Jer Noble <jer.noble@apple.com>
MediaControlTimelineElement is adjusting time 3 times per click
https://bugs.webkit.org/show_bug.cgi?id=58160
Reviewed by Eric Carlson.
No new tests; we intentionally throttle timeupdate events for the same
movie time, so there is no way to write a layout test for this case.
Only call setCurrentTime() on mousedown or mousemove events.
* html/shadow/MediaControlElements.cpp:
(WebCore::MediaControlTimelineElement::defaultEventHandler):
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118314
2012-05-23 Jer Noble <jer.noble@apple.com>
REGRESSION: compositing/video/video-poster.html fails on Mac
https://bugs.webkit.org/show_bug.cgi?id=87199
Reviewed by Maciej Stachowiak.
No new tests; fixes failing compositing/video/video-poster.html test.
Instead of creating the video layer directly, simply allow the layer
to be created in updateStates() by changing the definition of
isReadyForVideoSetup() to bypass the m_isAllowedToRender check if
the player reports a video track is present. This causes the video layer
to be created and for future calls to prepareForRendering() to result
in calls to mediaPlayerRenderingModeChanged().
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
(WebCore::MediaPlayerPrivateAVFoundation::isReadyForVideoSetup):
(WebCore::MediaPlayerPrivateAVFoundation::metadataLoaded):
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 118087
2012-05-22 Jer Noble <jer.noble@apple.com>
REGRESSION (r98359): Video does not render on http://panic.com/dietcoda/https://bugs.webkit.org/show_bug.cgi?id=87171
Reviewed by Maciej Stachowiak.
No new tests; behavior is very timing specific and only occurs on a subset of all platforms.
Instead of calling prepareForRendering() from metadataLoaded(), which may fail and cause subsequent
calls to prepareForRendering() to short circuit, call createVideoLayer() directly, which achieves
the original goals of the fix for http://webkit.org/b/70448, but without breaking subsequent calls
to prepareForRendering() if called at the wrong time.
* platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
(WebCore::MediaPlayerPrivateAVFoundation::metadataLoaded):
2012-05-30 Lucas Forschler <lforschler@apple.com>
Merge 116319
2012-05-07 Nat Duca <nduca@chromium.org>
Unreviewed, rolling out r115525.
http://trac.webkit.org/changeset/115525https://bugs.webkit.org/show_bug.cgi?id=66683
Too many pages rely on DOMTimeStamp as first argument.
Reverting while we consider next steps.
* WebCore.exp.in:
* bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
(WebCore::JSRequestAnimationFrameCallback::handleEvent):
* dom/Document.cpp:
(WebCore::Document::serviceScriptedAnimations):
* dom/Document.h:
(Document):
* dom/RequestAnimationFrameCallback.h:
(RequestAnimationFrameCallback):
* dom/RequestAnimationFrameCallback.idl:
* dom/ScriptedAnimationController.cpp:
(WebCore::ScriptedAnimationController::ScriptedAnimationController):
(WebCore::ScriptedAnimationController::serviceScriptedAnimations):
(WebCore):
(WebCore::ScriptedAnimationController::windowScreenDidChange):
(WebCore::ScriptedAnimationController::scheduleAnimation):
(WebCore::ScriptedAnimationController::animationTimerFired):
* dom/ScriptedAnimationController.h:
(ScriptedAnimationController):
(WebCore::ScriptedAnimationController::displayRefreshFired):
* page/FrameView.cpp:
(WebCore::FrameView::serviceScriptedAnimations):
* page/FrameView.h:
(FrameView):
* platform/graphics/DisplayRefreshMonitor.cpp:
(WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
(WebCore::DisplayRefreshMonitor::notifyClients):
* platform/graphics/DisplayRefreshMonitor.h:
(DisplayRefreshMonitor):
* platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp:
(WebCore::DisplayRefreshMonitor::displayLinkFired):
* platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
(WebCore):
(WebCore::DisplayRefreshMonitor::requestRefreshCallback):
(WebCore::DisplayRefreshMonitor::displayLinkFired):
2012-05-30 Lucas Forschler <lforschler@apple.com>
Rollout 115573
2012-04-26 Emil A Eklund <eae@chromium.org> and Levi Weintraub <leviw@chromium.org>
Move Length and CSS length computation to float
https://bugs.webkit.org/show_bug.cgi?id=84801
Reviewed by Eric Seidel.
Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.
This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. With this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.
Updated existing layout tests.
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::zoomAdjustedPixelValue):
* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::computeLength):
* css/CSSPrimitiveValue.h:
(WebCore):
(WebCore::roundForImpreciseConversion):
Add specialized float version of roundForImpreciseConversion that matches
the int versions rounding logic.
If a value is sufficiently close to the next integer round it up to
ensure that a style rule such as "width: 4.999px" evaluates to 5px
instead of 4px. This is needed as, although Lengths are using floating
point, the layout system still uses integer precision and floors the
Length values.
This will change once we move to FractionalLayoutUnits but for now this
is needed to ensure compatibility with the existing system and tests.
Without this specialized rounding logic we fail a handful of tests
including acid3.
* platform/Length.h:
(WebCore::Length::value):
(Length):
(WebCore::Length::intValue):
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::styleOrColLogicalWidth):
2012-05-28 Lucas Forschler <lforschler@apple.com>
Merge 118399
2012-05-24 Jessie Berlin <jberlin@apple.com>
REGRESSION(r109663) All the the dom/html/level2/html/HTMLFrameElement* tests crash on Windows
https://bugs.webkit.org/show_bug.cgi?id=87410
Reviewed by Anders Carlsson.
Do not pass a reference type to va_start (see r75435).
* platform/LocalizedStrings.cpp:
(WebCore::formatLocalizedString):
2012-05-28 Lucas Forschler <lforschler@apple.com>
Merge 118397
2012-05-24 Alexey Proskuryakov <ap@apple.com>
[WK2] Let the client give local files universal access on a case by case basis
https://bugs.webkit.org/show_bug.cgi?id=87174
<rdar://problem/11024330>
Reviewed by Maciej Stachowiak.
* dom/Document.cpp: (WebCore::Document::initSecurityContext): When settings->allowUniversalAccessFromFileURLs()
is false, also try asking the client for an indulgence.
* loader/FrameLoaderClient.h: (WebCore::FrameLoaderClient::shouldForceUniversalAccessFromLocalURL):
Default implementation doesn't change anything.
2012-05-28 Lucas Forschler <lforschler@apple.com>
Merge 118039
2012-05-22 Vitaly Buka <vitalybuka@chromium.org>
Fix iframe printing.
https://bugs.webkit.org/show_bug.cgi?id=85118
Reviewed by Darin Adler, Eric Seidel.
Patch fixed two issues by disabling special handling of subframes for printing.
1. Regression. Division by zero when forceLayoutForPagination called for subframes
and page sizes set to zero.
2. Old issue. RendererView adjusted layout of subframes for printing and set invalid
dimensions. Sometimes it caused missing iframe when printed.
Test: printing/iframe-print.html
* page/Frame.cpp:
(WebCore::Frame::setPrinting): Calls forceLayoutForPagination for root frames only.
(WebCore::Frame::resizePageRectsKeepingRatio): Added ASSERTs to catch division by zero.
* rendering/RenderView.cpp: Replaced printing() with shouldUsePrintingLayout() for most calls.
(WebCore::RenderView::computeLogicalHeight):
(WebCore::RenderView::computeLogicalWidth):
(WebCore::RenderView::layout):
(WebCore::RenderView::shouldUsePrintingLayout): Returns true only if printing enabled and it's a root frame.
(WebCore::RenderView::viewRect):
(WebCore::RenderView::viewHeight):
(WebCore::RenderView::viewWidth):
* rendering/RenderView.h:
2012-05-24 Lucas Forschler <lforschler@apple.com>
Merge 118204
2012-05-22 Jer Noble <jer.noble@apple.com>
PlatformClockCM has uninitialized m_rate member.
https://bugs.webkit.org/show_bug.cgi?id=87217
Reviewed by Eric Carlson.
Test: media/media-controller-time.html
Initialize the m_rate member to a default of 1 (second-per-second), matching the implementation
of ClockGeneric.
* platform/mac/PlatformClockCM.mm:
(PlatformClockCM::PlatformClockCM):
2012-05-24 Lucas Forschler <lforschler@apple.com>
Merge 118086
2012-05-22 Tim Horton <timothy_horton@apple.com>
Add a quirk for applications that depend on the relative ordering of progressCompleted/didFinishLoad
https://bugs.webkit.org/show_bug.cgi?id=87178
<rdar://problem/11468434>
Reviewed by Maciej Stachowiak.
Some applications depend on the relative ordering of progressCompleted/didFinishLoad, which was changed
to be more correct in http://trac.webkit.org/changeset/94105. For applications built before 94105, we can
provide the old behavior. For the time being, this will only apply to Mail.app.
No new tests, will not affect behavior for any application except Mail.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
* page/Settings.cpp:
(WebCore::Settings::Settings):
* page/Settings.h:
(WebCore::Settings::setNeedsDidFinishLoadOrderQuirk):
(WebCore::Settings::needsDidFinishLoadOrderQuirk):
2012-05-24 Lucas Forschler <lforschler@apple.com>
Merge 117471
2012-05-16 Andreas Kling <kling@webkit.org>
Make PluginInfoStore properly thread-safe.
<http://webkit.org/b/86648>
<rdar://problem/11451178>
Reviewed by Darin Adler.
* plugins/PluginData.h:
(WebCore::MimeClassInfo::isolatedCopy):
(WebCore::PluginInfo::isolatedCopy):
2012-05-23 Lucas Forschler <lforschler@apple.com>
Merge 117744
2012-05-18 Andreas Kling <kling@webkit.org>
REGRESSION(r117501): IconDatabase asserts on startup in synchronousIconForPageURL().
<http://webkit.org/b/86935>
<rdar://problem/11480012>
Reviewed by Anders Carlsson.
- Correctly set m_retainOrReleaseIconRequested to true in retainIconForPageURL().
This was causing the assertions, as we would end up doing nothing until the first
icon release request came in.
- Require that m_urlsToRetainOrReleaseLock be held when accessing m_retainOrReleaseIconRequested.
This removes a possible race condition in double checked locking.
- Swap over the retain/release work queues while holding m_urlsToRetainOrReleaseLock
and release it right away to avoid sitting on the lock while updating the database.
* loader/icon/IconDatabase.cpp:
(WebCore::IconDatabase::synchronousIconForPageURL):
(WebCore::IconDatabase::retainIconForPageURL):
(WebCore::IconDatabase::releaseIconForPageURL):
(WebCore::IconDatabase::retainedPageURLCount):
(WebCore::IconDatabase::performURLImport):
(WebCore::IconDatabase::syncThreadMainLoop):
(WebCore::IconDatabase::performPendingRetainAndReleaseOperations):
* loader/icon/IconDatabase.h:
(IconDatabase):
2012-05-23 Lucas Forschler <lforschler@apple.com>
Merge 117625
2012-05-18 Viatcheslav Ostapenko <ostapenko.viatcheslav@nokia.com>
[Qt] REGRESSION(r117501): It made almost all tests assert in debug mode
https://bugs.webkit.org/show_bug.cgi?id=86854
Reviewed by Andreas Kling.
Initialize boolean flag in constructor and recheck the flag which can be
modified by another thread under mutex.
No new tests, fixes regression that caused layout test crash.
* loader/icon/IconDatabase.cpp:
(WebCore::IconDatabase::IconDatabase):
(WebCore::IconDatabase::syncThreadMainLoop):
2012-05-23 Lucas Forschler <lforschler@apple.com>
Merge 117501
2012-05-15 Andreas Kling <kling@webkit.org>
IconDatabase: Move icon retain/release off of the main thread.
<http://webkit.org/b/85799>
<rdar://problem/9507113>
Reviewed by Brady Eidson.
Batch up the retain/release operations and execute them as part of the sync thread loop.
The batch execution is guarded by a new mutex (m_urlsToRetainOrReleaseLock.)
This avoids blocking the main thread on m_urlAndIconLock for basic retain/release.
There is one exception; if there are pending retain/release operations in synchronousIconForPageURL,
it will acquire the lock and flush the operations.
There should be no behavior change, this is only meant to reduce lock contention.
* loader/icon/PageURLRecord.h:
(WebCore::PageURLRecord::retain):
(WebCore::PageURLRecord::release):
Added a 'count' argument to these so we can batch up the operations in IconDatabase.
* loader/icon/IconDatabase.h:
* loader/icon/IconDatabase.cpp:
(WebCore::IconDatabase::performScheduleOrDeferSyncTimer):
(WebCore::IconDatabase::performScheduleOrDeferSyncTimerOnMainThread):
(WebCore::IconDatabase::scheduleOrDeferSyncTimer):
Perform the the timer scheduling on the main thread as it can be done on a different
thread by way of retainIconForPageURL or releaseIconForPageURL.
(WebCore::IconDatabase::synchronousIconForPageURL):
(WebCore::IconDatabase::retainIconForPageURL):
(WebCore::IconDatabase::performRetainIconForPageURL):
(WebCore::IconDatabase::releaseIconForPageURL):
(WebCore::IconDatabase::performReleaseIconForPageURL):
(WebCore::IconDatabase::retainedPageURLCount):
(WebCore::IconDatabase::IconDatabase):
(WebCore::IconDatabase::performURLImport):
(WebCore::IconDatabase::syncThreadMainLoop):
(WebCore::IconDatabase::performPendingRetainAndReleaseOperations):
2012-05-23 Lucas Forschler <lforschler@apple.com>
Merge 116543
2012-05-03 Shawn Singh <shawnsingh@chromium.org>
Hit testing is incorrect in some cases with perspective transforms
https://bugs.webkit.org/show_bug.cgi?id=79136
Reviewed by Simon Fraser.
Tests: transforms/3d/hit-testing/coplanar-with-camera.html
transforms/3d/hit-testing/perspective-clipped.html
* platform/graphics/transforms/TransformationMatrix.cpp:
(WebCore::TransformationMatrix::projectPoint): Fix a
divide-by-zero error so that values do not become Inf or Nan. Also
fix an overflow error by using a large, but not-too-large constant
to represent infinity.
(WebCore::TransformationMatrix::projectQuad): Fix an error where
incorrect quads were being returned. Incorrect quads can occur
when projectPoint clamped==true after returning.
2012-05-23 Lucas Forschler <lforschler@apple.com>
Merge 116486
2012-05-08 Benjamin Poulain <bpoulain@apple.com>
[JSC] Regression: addEventListener() and removeEventListener() raise an exception on missing args
https://bugs.webkit.org/show_bug.cgi?id=85928
Reviewed by Geoffrey Garen.
The functions addEventListener() and removeEventListener() raise an exception if there are missin arguments.
This behavior breaks existing content.
This patch change the code generator of JavaScript core to have an exception for addEventListener() and removeEventListener().
For those function, we do not raise an exception on missin argument.
This patch does not modify the V8 code generator because such exceptions are already in place there.
Tests: fast/dom/Window/window-legacy-event-listener.html
fast/dom/XMLHttpRequest-legacy-event-listener.html
fast/dom/node-legacy-event-listener.html
* bindings/scripts/CodeGeneratorJS.pm:
(GenerateImplementation):
2012-05-23 Lucas Forschler <lforschler@apple.com>
Merge 116319
2012-05-07 Nat Duca <nduca@chromium.org>
Unreviewed, rolling out r115525.
http://trac.webkit.org/changeset/115525https://bugs.webkit.org/show_bug.cgi?id=66683
Too many pages rely on DOMTimeStamp as first argument.
Reverting while we consider next steps.
* WebCore.exp.in:
* bindings/js/JSRequestAnimationFrameCallbackCustom.cpp:
(WebCore::JSRequestAnimationFrameCallback::handleEvent):
* dom/Document.cpp:
(WebCore::Document::serviceScriptedAnimations):
* dom/Document.h:
(Document):
* dom/RequestAnimationFrameCallback.h:
(RequestAnimationFrameCallback):
* dom/RequestAnimationFrameCallback.idl:
* dom/ScriptedAnimationController.cpp:
(WebCore::ScriptedAnimationController::ScriptedAnimationController):
(WebCore::ScriptedAnimationController::serviceScriptedAnimations):
(WebCore):
(WebCore::ScriptedAnimationController::windowScreenDidChange):
(WebCore::ScriptedAnimationController::scheduleAnimation):
(WebCore::ScriptedAnimationController::animationTimerFired):
* dom/ScriptedAnimationController.h:
(ScriptedAnimationController):
(WebCore::ScriptedAnimationController::displayRefreshFired):
* page/FrameView.cpp:
(WebCore::FrameView::serviceScriptedAnimations):
* page/FrameView.h:
(FrameView):
* platform/graphics/DisplayRefreshMonitor.cpp:
(WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
(WebCore::DisplayRefreshMonitor::notifyClients):
* platform/graphics/DisplayRefreshMonitor.h:
(DisplayRefreshMonitor):
* platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp:
(WebCore::DisplayRefreshMonitor::displayLinkFired):
* platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
(WebCore):
(WebCore::DisplayRefreshMonitor::requestRefreshCallback):
(WebCore::DisplayRefreshMonitor::displayLinkFired):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117652
2012-05-18 Dan Bernstein <mitz@apple.com>
Build fix after r117607.
* platform/mac/WebCoreNSCellExtras.m:
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117607
2012-05-18 Dan Bernstein <mitz@apple.com>
<rdar://problem/11467250> No focus ring around popup buttons
Reviewed by Anders Carlsson.
The exact same issue was fixed for buttons drawn in ThemeMac.mm in <rdar://problem/10542095>.
This change extends the fix to also cover buttons drawn in RenderThemeMac.mm.
* WebCore.xcodeproj/project.pbxproj: Added WebCoreNSCellExtras.{h.m}.
* platform/mac/ThemeMac.mm: Removed the definitions of BUTTON_CELL_DRAW_WITH_FRAME_DRAWS_FOCUS_RING
and -[NSCell _web_drawFocusRingWithFrame:inView:] from here. They are now in WebCoreNSCellExtras.
* platform/mac/WebCoreNSCellExtras.h: Added.
* platform/mac/WebCoreNSCellExtras.m: Added.
(-[NSCell _web_drawFocusRingWithFrame:inView:]): Moved from ThemeMac.mm here.
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintMenuList): Changed to use -_web_drawFocusRingWithFrame:inView:.
(WebCore::RenderThemeMac::setPopupButtonCellState): Removed call to updateFocusedState() when
the focus ring is drawn separately.
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117537
2012-05-17 Dan Bernstein <mitz@apple.com>
<rdar://problem/11419933> Problems with flipped writing modes and compositing
https://bugs.webkit.org/show_bug.cgi?id=86032
Reviewed by Anders Carlsson.
Test: compositing/bounds-in-flipped-writing-mode.html
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateLayerBounds): Apply a writing-mode flip to the bounding box
if needed.
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117502
2012-05-17 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=86266
r112643/r116697 break Webview form input fields
-and corresponding-
<rdar://problem/11400430>
Reviewed by Dan Bernstein.
There is a recent history of changes in this are that seem worth documenting.
First was the change to switch to using NSTextFieldCell to draw text fields:
http://trac.webkit.org/changeset/104240
That led to problems because of the clear background that I thought at the time
were specific to MountainLion. To fix that, I made this change:
http://trac.webkit.org/changeset/110480
But that change resulted in styled text fields getting an un-themed border, which
led to this change on the branch: http://trac.webkit.org/changeset/112643 and a
change on TOT that was identical for Lion and SnowLeopard but introduced new
behavior for MountainLion: http://trac.webkit.org/changeset/116697
And that brings us to this bug, where it turns out the clear background is a
problem on Lion and SnowLeopard too. This patch fixes the bug by using the
original WebCoreSystemInterface function to paint all text fields on Lion and
SnowLeopard that are styled. This is what we used to paint all text fields before
r104240, which is the first change listed above. Un-styled text fields will still
use NSTextFieldCell on these platforms, but with a hardcoded white background.
* rendering/RenderThemeMac.h:
(RenderThemeMac):
* rendering/RenderThemeMac.mm:
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117366
2012-05-16 Jon Lee <jonlee@apple.com>
Animated GIFs in page cache get updated
https://bugs.webkit.org/show_bug.cgi?id=86668
<rdar://problem/11395549>
Reviewed by Brady Eidson.
Test: fast/loader/image-in-page-cache.html
* rendering/RenderImage.cpp:
(WebCore::RenderImage::imageChanged): When we are notified by the CachedImage that the image has
changed, we check to see if the document is in the page cache. If so, we should not be updating,
so we bail out early.
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117365
2012-05-16 Tim Horton <timothy_horton@apple.com>
Crash if SVG gradient stop has display: none set
https://bugs.webkit.org/show_bug.cgi?id=86686
<rdar://problem/10751905>
Reviewed by Dean Jackson.
Create a renderer for SVGStopElement regardless of the "display" property.
This matches the behavior of Opera and the SVG specification.
Test: svg/custom/gradient-stop-display-none-crash.svg
* svg/SVGStopElement.cpp:
(WebCore::SVGStopElement::rendererIsNeeded):
(WebCore):
* svg/SVGStopElement.h:
(SVGStopElement):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117326
2012-05-16 Jer Noble <jer.noble@apple.com>
<video> elements with no video tracks report false for webkitSupportsFullscreen.
https://bugs.webkit.org/show_bug.cgi?id=86650
Reviewed by Eric Carlson.
No new tests; updated media/media-fullscreen-inline.html.
With the new Full Screen API, the restriction that only video elements with
video tracks can enter full screen seems arbitrary. Some media types will
occasionally determine they have video tracks long after loadedmetadata, which
breaks websites who check for webkitSupportsFullscreen(). Relax the restriction
on webkitSupportsFullscreen() for ports where the Full Screen API is enabled and
supported so as to no longer require hasVideo().
* html/HTMLVideoElement.cpp:
(WebCore::HTMLVideoElement::supportsFullscreen):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117314
2012-05-16 Tim Horton <timothy_horton@apple.com>
Scrollbar layers should respect accelerated drawing setting
https://bugs.webkit.org/show_bug.cgi?id=86644
<rdar://problem/11462038>
Reviewed by Simon Fraser.
When creating scrollbar layers, pass through the accelerated drawing setting.
No new tests.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117313
2012-05-16 Tim Horton <timothy_horton@apple.com>
FrameView::scrollContentsFastPath should use painted area to determine whether to drop out of the fast path
https://bugs.webkit.org/show_bug.cgi?id=86651
<rdar://problem/11459243>
Reviewed by Simon Fraser.
Previously, we decided to fall out of the fast scrolling path by the number of fixed-position elements
on the page. This was less than ideal if a single fixed position element took up a significant portion
of the page, or if there were many small, cheap-to-paint fixed elements.
Instead, we should use the fast path if less than 50% of the page will be repainted by fixed-position
elements, and otherwise fall back to the slow path.
I've tested a few different thresholds with an internal test; 50% seems to work relatively well,
but the ideal value is hard to determine and likely depends on hardware.
No new tests, performance improvement with few large fixed-position objects or many small ones.
* page/FrameView.cpp:
(WebCore::FrameView::scrollContentsFastPath):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117336
2012-05-16 Jeffrey Pfau <jpfau@apple.com>
ImageLoader can still dispatch beforeload events for ImageDocuments
https://bugs.webkit.org/show_bug.cgi?id=86658
<rdar://problem/11465863>
Reviewed by Brady Eidson.
Prevent flags regarding sending beforeload events from being set on ImageDocuments.
No new tests; testing framework doesn't allow for testing ImageDocuments with injected JavaScript.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 117185
2012-05-15 Jeffrey Pfau <jpfau@apple.com>
ImageDocuments erroneously trigger beforeload events for the main resource
https://bugs.webkit.org/show_bug.cgi?id=86543
<rdar://problem/11309013>
Reviewed by Brady Eidson.
No new tests; testing framework doesn't allow for testing ImageDocuments with injected JavaScript.
* loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):
2012-05-21 Lucas Forschler <lforschler@apple.com>
Merge 116864
2012-05-12 Abhishek Arya <inferno@chromium.org>
Crash in HTMLSelectElement::setOption
https://bugs.webkit.org/show_bug.cgi?id=85420
Reviewed by Eric Seidel
RefPtr before option in HTMLSelectElement::setOption since it
can get destroyed due to mutation events.
Test: fast/dom/HTMLSelectElement/option-add-crash.html
* html/HTMLSelectElement.cpp:
(WebCore::HTMLSelectElement::setOption):
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 116595
2012-05-09 Jessie Berlin <jberlin@apple.com>
Crash using the new WKBundleDOMWindowExtensions APIs.
https://bugs.webkit.org/show_bug.cgi?id=85888
Reviewed by Brady Eidson.
WKBundlePageWillDestroyGlobalObjectForDOMWindowExtensionCallback was only being invoked when
the WKPage was destroyed, and then only for the child frames. In addition, the
DOMWindowExtension was holding onto a destroyed DOMWindow and attempting to unregister from
when the WK2 wrapper object was attempting to destroy the DOMWindowExtension.
The underlying issue here was that the DOMWindowProperties were getting disconnectFrame
and willDetachPage called on them at the wrong times.
Rename DOMWindowProperty::disconnectFrame and reconnectFrame to disconnectFrameForPageCache
and reconnectFrameFromPageCache for clarity.
Only invoke DOMWindowProperty::disconnectFrameForPageCache when the frame is going into the
page cache.
In the cases where the DOMWindow is getting destroyed, the frame is being destroyed, or the
DOMWindow is getting cleared because the frame is being navigated, invoke
DOMWindowProperty::willDestroyGlobalObjectInFrame instead of disconnectFrame.
Invoke DOMWindowProperty::willDetachGlobalObjectFromFrame when a document is being detached
because the frame has been detached (e.g. fast/storage/storage-detached-iframe.html) and
won't be immediately destroyed.
Invoke DOMWindowProperty::willDestroyGlobalObjectInCachedFrame when a cached frame is
being destroyed.
New WK2 API Test: DOMWindowExtensionNoCache.
* Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
(WebCore::DOMWindowIndexedDatabase::disconnectFrameForPageCache):
Updated for disconnectFrame rename.
(WebCore::DOMWindowIndexedDatabase::reconnectFrameFromPageCache):
Updated for reconnectFrame rename.
(WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInCachedFrame):
Get rid of the suspended IDBFactory.
(WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInFrame):
Get rid of the IDBFactory.
(WebCore::DOMWindowIndexedDatabase::willDetachGlobalObjectFromFrame):
Ditto.
* Modules/indexeddb/DOMWindowIndexedDatabase.h:
* dom/Document.cpp:
(WebCore::Document::prepareForDestruction):
Tell the DOMWindow before detaching the Document.
* dom/Document.h:
* history/CachedFrame.cpp:
(WebCore::CachedFrame::destroy):
Tell the DOMWindow.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::clear):
Use Document::prepareForDestruction so that the DOMWindow is told about the main frame
navigation before detaching the Document.
* loader/appcache/DOMApplicationCache.cpp:
(WebCore::DOMApplicationCache::disconnectFrameForPageCache):
Updated for the disconnectFrame rename.
(WebCore::DOMApplicationCache::reconnectFrameFromPageCache):
Updated for the reconnectFrame rename.
(WebCore::DOMApplicationCache::willDestroyGlobalObjectInFrame):
Cover the cases formerly covered by disconnectFrame (which was sometimes being called when
called when the frame was destroyed).
* loader/appcache/DOMApplicationCache.h:
* notifications/DOMWindowNotifications.cpp:
(WebCore::DOMWindowNotifications::disconnectFrameForPageCache):
Updated for the disconnectFrame rename.
(WebCore::DOMWindowNotifications::reconnectFrameFromPageCache):
Updated for the reconnectFrame rename.
(WebCore::DOMWindowNotifications::willDestroyGlobalObjectInCachedFrame):
Get rid of the suspended notification center.
(WebCore::DOMWindowNotifications::willDestroyGlobalObjectInFrame):
Get rid of the notification center.
(WebCore::DOMWindowNotifications::willDetachGlobalObjectFromFrame):
Do not allow use of the notification center by detached frames.
* notifications/DOMWindowNotifications.h:
* page/DOMWindow.cpp:
(WebCore::DOMWindow::clearDOMWindowProperties):
Do not call disconnectDOMWindowProperties. It is now the responsibility of the callers to
tell the DOMWindowProperties the correct cause of being cleared.
(WebCore::DOMWindow::~DOMWindow):
Make sure the DOMWindowProperties still know that the DOMWindow is going away.
(WebCore::DOMWindow::frameDestroyed):
Invoke willDestroyGlobalObjectInFrame on the DOMWindowProperties.
(WebCore::DOMWindow::willDetachPage):
It is no longer necessary to tell the DOMWindowProperties anything here.
(WebCore::DOMWindow::willDestroyCachedFrame):
Tell the DOMWindowProperties.
(WebCore::DOMWindow::willDestroyDocumentInFrame):
Ditto.
(WebCore::DOMWindow::willDetachDocumentFromFrame):
Ditto.
(WebCore::DOMWindow::clear):
Ditto.
(WebCore::DOMWindow::disconnectDOMWindowProperties):
Updated for the disconnectFrame rename.
(WebCore::DOMWindow::reconnectDOMWindowProperties):
Ditto.
* page/DOMWindow.h:
* page/DOMWindowExtension.cpp:
(WebCore::DOMWindowExtension::DOMWindowExtension):
Move the responsibility for tracking the disconnected DOMWindow to DOMWindowProperty, since
DOMWindowProperty will need it to unregister the property when a cached frame is destroyed.
(WebCore::DOMWindowExtension::disconnectFrameForPageCache):
Remove the code to check for disconnectFrame being called twice - it is now only called when
a frame goes into the page cache.
Let the DOMWindowProperty keep track of the disconnected DOMWindow.
(WebCore::DOMWindowExtension::reconnectFrameFromPageCache):
Let the DOMWindowProperty keep track of the disconnected DOMWindow.
(WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame):
Dispatch the willDestroyGlobalObjectForDOMWindowExtension callback.
(WebCore::DOMWindowExtension::willDestroyGlobalObjectInFrame):
Ditto, but only if the callback hasn't already been sent because the frame has been detached.
(WebCore::DOMWindowExtension::willDetachGlobalObjectFromFrame):
Send the callback because nothing interesting can be done in the frame once it has been
detached.
* page/DOMWindowExtension.h:
* page/DOMWindowProperty.cpp:
(WebCore::DOMWindowProperty::DOMWindowProperty):
Keep track of the disconnected DOMWindow so it can be used to unregister the property when a
cached frame is destroyed.
(WebCore::DOMWindowProperty::~DOMWindowProperty):
Also unregister the property when a DOMWindowProperty for a cached frame is destroyed.
(WebCore::DOMWindowProperty::disconnectFrameForPageCache):
Keep track of the disconnected DOMWindow.
(WebCore::DOMWindowProperty::reconnectFrameFromPageCache):
Ditto.
(WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame):
Unregister the property from the disconnected DOMWindow.
(WebCore::DOMWindowProperty::willDestroyGlobalObjectInFrame):
Unregister the property from the DOMWindow and stop keeping track of the frame.
(WebCore::DOMWindowProperty::willDetachGlobalObjectFromFrame):
Do not set m_frame to 0 because detached frames still have access to the DOMWindow, even if
they can't do anything meaningful with it.
* page/DOMWindowProperty.h:
* page/Frame.cpp:
(WebCore::Frame::setView):
Tell the DOMWindow that the Document is being detached so it can tell the
DOMWindowProperties.
* page/PointerLock.cpp:
(WebCore::PointerLock::disconnectFrameForPageCache):
Updated for disconnectFrame rename.
(WebCore::PointerLock::willDestroyGlobalObjectInFrame):
Cover the cases formerly covered by disconnectFrame (which was sometimes being called when
called when the frame was destroyed).
* page/PointerLock.h:
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117196
2012-05-15 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=86549
Page Scale + Tiled Drawing: Twitter sign in page content disappears
after typing into name and enabling password field
-and corresponding-
<rdar://problem/11415352>
Reviewed by Oliver Hunt.
The enormous rect we used to use would overflow in CA and do nothing
when there was any scale > 1 on the context. Instead, just call
setNeedsDisplay on each tile.
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::setNeedsDisplay):
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117165
2012-05-15 Jer Noble <jer.noble@apple.com>
r117147 causes a null-deref crash in DOMImplementation::createDocument()
https://bugs.webkit.org/show_bug.cgi?id=86532
Reviewed by James Robinson.
No new tests, but fixes many crashing tests.
Protect against the possibility of being passed a NULL frame in
DOMImplementation::createDocument().
* dom/DOMImplementation.cpp:
(WebCore::DOMImplementation::createDocument):
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117158
2012-05-15 Jer Noble <jer.noble@apple.com>
Unreviewed build fix [Qt].
Protect the definition of DOMImplementationSupportsTypeClient class with
#if ENABLE(VIDEO) so as not to cause compilation errors on ports with
VIDEO disabled.
* dom/DOMImplementation.cpp:
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117147
2012-05-14 Jer Noble <jer.noble@apple.com>
Site-specific hack: Disclaim WebM as a supported type on Mac for YouTube.
https://bugs.webkit.org/show_bug.cgi?id=86409
Reviewed by Darin Adler.
No new tests; site specific hack.
Add a Mac-only site-specific hack which disclaims both video/webm and video/x-flv
as supported types when the media element's document has a host of youtube.com.
Add a new, pure-virtual prototype class for use by MediaPlayer::supportsType:
* platform/graphics/MediaPlayer.h:
(MediaPlayerSupportsTypeClient):
(WebCore::MediaPlayerSupportsTypeClient::~MediaPlayerSupportsTypeClient):
(WebCore::MediaPlayerSupportsTypeClient::mediaPlayerNeedsSiteSpecificHacks):
(WebCore::MediaPlayerSupportsTypeClient::mediaPlayerDocumentHost):
Use these new client calls to determine whether to apply the site-specific
hack:
* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::supportsType):
Add this prototype class as a superclass of HTMLMediaElement. Pass in the
HTMLMediaElement's this pointer when calling MediaPlayer::supportsType():
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::canPlayType):
(WebCore::HTMLMediaElement::selectNextSourceChild):
(WebCore::HTMLMediaElement::mediaPlayerNeedsSiteSpecificHacks):
(WebCore::HTMLMediaElement::mediaPlayerDocumentHost):
* html/HTMLMediaElement.h:
As is HTMLMediaElement, a MediaPlayerSupportsTypeClient class is needed. Add a
new class DOMImplementationSupportsTypeClient, an instance of which will be
passed to MediaPlayer::supportsType():
* dom/DOMImplementation.cpp:
(DOMImplementationSupportsTypeClient):
(WebCore::DOMImplementationSupportsTypeClient::DOMImplementationSupportsTypeClient):
(WebCore::DOMImplementation::createDocument):
(WebCore::DOMImplementation::mediaPlayerNeedsSiteSpecificHacks):
(WebCore::DOMImplementation::mediaPlayerDocumentHost):
* dom/DOMImplementation.h:
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117129
2012-05-15 Anders Carlsson <andersca@apple.com>
Use unaccelerated scrolling deltas when rubber-banding
https://bugs.webkit.org/show_bug.cgi?id=86503
<rdar://problem/11378742>
Reviewed by Sam Weinig.
* WebCore.exp.in:
* platform/PlatformWheelEvent.h:
(WebCore::PlatformWheelEvent::PlatformWheelEvent):
(PlatformWheelEvent):
(WebCore::PlatformWheelEvent::scrollCount):
(WebCore::PlatformWheelEvent::unacceleratedScrollingDeltaX):
(WebCore::PlatformWheelEvent::unacceleratedScrollingDeltaY):
Add scroll count and unaccelerated scrolling deltas.
* platform/mac/ScrollElasticityController.mm:
(WebCore::elasticDeltaForTimeDelta):
(WebCore::elasticDeltaForReboundDelta):
(WebCore::reboundDeltaForElasticDelta):
Call the new WKSI functions.
(WebCore::ScrollElasticityController::handleWheelEvent):
Use the unaccelerated scrolling deltas when needed.
* platform/mac/WebCoreSystemInterface.h:
* platform/mac/WebCoreSystemInterface.mm:
Add new WKSI functions.
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117113
2012-05-15 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=86506
REGRESSION (tiled drawing): No scrollbar while page is loading
-and corresponding
<rdar://problem/11444589>
Reviewed by Anders Carlsson.
We have always had a mechanism in place to suppress painting overlay
scrollbars while the page is loading. However, that mechaism is
overriden if the page has been scrolled. It should be, anyway. It was
not being overriden when the scrolling was handled as a wheel event by
the scrolling tree. This patch takes advantage of the fact that
ScrollingTree::handleWheelEvent() already calls back to the main
thread for handleWheelEventPhase() and just patches
handleWheelEventPhase to mark m_haveScrolledSincePageLoad as true.
* platform/mac/ScrollAnimatorMac.mm:
(WebCore::ScrollAnimatorMac::handleWheelEventPhase):
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117108
2012-05-15 Andreas Kling <kling@webkit.org>
Deep copy PluginModuleInfo before passing across thread boundary.
<http://webkit.org/b/86491>
<rdar://problem/11451178>
Reviewed by Anders Carlsson.
* plugins/PluginData.h:
(MimeClassInfo):
(WebCore::MimeClassInfo::isolatedCopy):
(PluginInfo):
(WebCore::PluginInfo::isolatedCopy):
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117032
2012-05-14 Tim Horton <timothy_horton@apple.com>
RenderLayer::repaintRectIncludingDescendants shouldn't include repaint rects of composited descendants
https://bugs.webkit.org/show_bug.cgi?id=86429
<rdar://problem/11445132>
Reviewed by Simon Fraser.
Change repaintRectIncludingDescendants to not include repaint rects for composited child layers,
and rename the function to make it more clear that that's what it does now.
No new tests, scrolling performance optimization.
* page/FrameView.cpp:
(WebCore::FrameView::scrollContentsFastPath):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::repaintRectIncludingNonCompositingDescendants):
* rendering/RenderLayer.h:
(RenderLayer):
2012-05-16 Lucas Forschler <lforschler@apple.com>
Merge 117021
2012-05-14 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=86420
ScrollbarPainter should support expansionTransitionProgress
Reviewed by Sam Weinig.
expansionTransitionProgress works the same as
uiStateTransitionProgress. This code just echoes that code, but for
expansion instead of uiState.
* platform/mac/NSScrollerImpDetails.h:
* platform/mac/ScrollAnimatorMac.mm:
(supportsExpansionTransitionProgress):
(-[WebScrollbarPartAnimation setCurrentProgress:]):
(-[WebScrollbarPainterDelegate cancelAnimations]):
(-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
(-[WebScrollbarPainterDelegate invalidate]):
2012-05-15 Lucas Forschler <lforschler@apple.com>
rollout 116009
2012-05-15 Lucas Forschler <lforschler@apple.com>
rollout 116013
2012-05-15 Sam Weinig <sam@webkit.org>
<rdar://problem/11401642> ENABLE_IFRAME_SEAMLESS should be turned off on the branch
Reviewed by Andy Estes.
* Configurations/FeatureDefines.xcconfig:
Disable ENABLE_IFRAME_SEAMLESS.
2012-05-15 Sam Weinig <sam@webkit.org>
Disable CSS regions
<rdar://problem/10887709>
Reviewed by Anders Carlsson.
* dom/Document.idl:
#ifdef out webkitGetFlowByName.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116960
2012-05-14 Eric Carlson <eric.carlson@apple.com>
<video> won't load when URL ends with .php
https://bugs.webkit.org/show_bug.cgi?id=86308
Reviewed by Darin Adler.
Test: http/tests/media/video-query-url.html
* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::MediaPlayer): Initialize m_typeInferredFromExtension.
(WebCore::MediaPlayer::load): Set m_typeInferredFromExtension appropriately.
(WebCore::MediaPlayer::loadWithNextMediaEngine): If we don't find a media engine registered
for a MIME type, and the type was inferred from the extension, give the first registered
media engine a chance anwyay just as we do when there is no MIME type at all.
* platform/graphics/MediaPlayer.h: Add m_typeInferredFromExtension.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116831
2012-05-11 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=86278
Composited layers should only run the overlay scrollbars painting pass
if necessary
Reviewed by Dan Bernstein.
It's not enough that the rootLayer has dirty scrollbars; we also have
to actually be doing the overlay scrollbars painting pass to skip the
early return.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayer):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116830
2012-05-11 Anders Carlsson <andersca@apple.com>
Comcast website displays bottom of page when loaded
https://bugs.webkit.org/show_bug.cgi?id=86277
<rdar://problem/11426887>
Reviewed by Beth Dakin.
There were two bugs here. The first bug was that FrameView::setScrollPosition didn't end up calling into the scrolling coordinator
to update the scroll position. The second bug was that ScrollingTreeNodeMac::setScrollPosition didn't constrain the scroll position
to the edge of the page.
* page/FrameView.cpp:
(WebCore::FrameView::setScrollPosition):
Call requestScrollPositionUpdate.
* page/scrolling/ScrollingTree.cpp:
* page/scrolling/ScrollingTree.h:
Remove setMainFrameScrollPosition, it is not called by anyone.
* page/scrolling/mac/ScrollingTreeNodeMac.h:
* page/scrolling/mac/ScrollingTreeNodeMac.mm:
(WebCore::ScrollingTreeNodeMac::setScrollPosition):
Clamp to the page size and call setScrollPositionWithoutContentEdgeConstraints.
(WebCore::ScrollingTreeNodeMac::setScrollPositionWithoutContentEdgeConstraints):
Update the scroll layer position and call back to the main thread.
(WebCore::ScrollingTreeNodeMac::scrollBy):
Call setScrollPosition.
(WebCore::ScrollingTreeNodeMac::scrollByWithoutContentEdgeConstraints):
Call setScrollPositionWithoutContentEdgeConstraints.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116824
2012-05-11 Anders Carlsson <andersca@apple.com>
Can't scroll on webpage after following links from Blogger
https://bugs.webkit.org/show_bug.cgi?id=86274
<rdar://problem/11431352>
Reviewed by Beth Dakin.
When committing a new scroll layer, make sure to reset the scroll position.
* page/scrolling/ScrollingTree.cpp:
(WebCore::ScrollingTree::commitNewTreeState):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116821
2012-05-10 Timothy Hatcher <timothy@apple.com>
Instrument timer function calls so they show up in the Web Inspector Timeline.
https://webkit.org/b/86173
Reviewed by Pavel Feldman.
Test: inspector/timeline/timeline-timer.html
* bindings/js/ScheduledAction.cpp:
(WebCore::ScheduledAction::executeFunctionInContext): Wrap the call with JSMainThreadExecState::instrumentFunctionCall
and InspectorInstrumentation::didCallFunction.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116799
2012-05-11 Tim Horton <timothy_horton@apple.com>
FrameView->m_lastPaintTime is not updated in the tiled drawing case
https://bugs.webkit.org/show_bug.cgi?id=86246
<rdar://problem/11248475>
Reviewed by Simon Fraser.
Update FrameView's m_lastPaintTime from RenderLayerBacking::paintContents
if the RenderLayerBacking is backing a tiled drawing layer.
In the future we might want to consider updating m_lastPaintTime when any
compositing layer is painted into, but this change gets us on par with the
non-tiled-drawing case as it stands now.
No new tests.
* page/FrameView.h:
(WebCore::FrameView::setLastPaintTime):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::paintContents):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116832
2012-05-11 Jeffrey Pfau <jpfau@apple.com>
REGRESSION (r114170): Scroll areas in nested frames improperly placed when tiled drawing is enabled
https://bugs.webkit.org/show_bug.cgi?id=86239
Reviewed by Anders Carlsson.
Fixes a regression introduced in r114170 by recursively adding positions of parent frames to placement of nested frame scroll areas.
Manual tests: ManualTests/scrollable-positioned-frame.html
ManualTests/scrollable-positioned-nested-frame.html
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::computeNonFastScrollableRegion):
(WebCore::ScrollingCoordinator::frameViewLayoutUpdated):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116720
2012-05-10 Anders Carlsson <andersca@apple.com>
PDF files won't scroll in Safari when using Adobe plug-in
https://bugs.webkit.org/show_bug.cgi?id=86167
<rdar://problem/11389719>
Reviewed by Sam Weinig.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::computeNonFastScrollableRegion):
Loop over the frame view children looking for plug-in views that want wheel events
and add them to the non-fast scrollable region. Ideally, the plug-ins should be added
to the set of scrollable areas, but PluginView in WebKit2 is not a ScrollableArea yet.
* plugins/PluginViewBase.h:
(PluginViewBase):
(WebCore::PluginViewBase::wantsWheelEvents):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116720
2012-05-10 Anders Carlsson <andersca@apple.com>
PDF files won't scroll in Safari when using Adobe plug-in
https://bugs.webkit.org/show_bug.cgi?id=86167
<rdar://problem/11389719>
Reviewed by Sam Weinig.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::computeNonFastScrollableRegion):
Loop over the frame view children looking for plug-in views that want wheel events
and add them to the non-fast scrollable region. Ideally, the plug-ins should be added
to the set of scrollable areas, but PluginView in WebKit2 is not a ScrollableArea yet.
* plugins/PluginViewBase.h:
(PluginViewBase):
(WebCore::PluginViewBase::wantsWheelEvents):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116711
2012-05-10 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=86158
Overlay scrollbars without layers never paint in overflow regions in
tiled drawing mode
-and corresponding-
<rdar://problem/11289546>
Reviewed by Darin Adler.
RenderLayers paint scrollbars that do not have their own layers by
running a second pass through the layer tree after the layer tree has
painted. This ensures that the scrollbars always paint on top of
content. However, this mechanism was relying on
FrameView::paintContents() as a choke-point for all painting to
trigger the second painting pass. That is not a reasonable choke-point
in tiled drawing, so this patch adds similar code to
RenderLayerBacking.
Only opt into the second painting pass for scrollbars that do not have
their own layers.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintOverflowControls):
A layer that paints into its backing cannot return early here if it
has overlay scrollbars to paint.
(WebCore::RenderLayer::paintLayer):
This replicates code in FrameView::paintContents(). After painting the
owning layer, do a second pass if there are overlay scrollbars to
paint.
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::paintIntoLayer):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116697
2012-05-10 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=82131
[Mac] REGRESSION (r110480): Text field that specifies background-color
(or is auto-filled) gets un-themed border
-and corresponding-
<rdar://problem/11115221>
Reviewed by Maciej Stachowiak.
This change rolls out r110480 which is what caused styled text fields
to get the un-themed border, and it does a bunch of work to make sure
we get the pretty, new version of the NSTextField art whenever
possible. We do this differently for post-Lion OS's since there is now
a way to opt into it all the time. Lion and SnowLeopard can only use
the new art in HiDPI mode when the background color of the text field
is just white.
RenderThemeMac::textField() takes a boolean paramter used to determine
if the new gradient will be used.
* rendering/RenderThemeMac.h:
(RenderThemeMac):
This is the post-Lion workaround. This code has no effect on Lion and
SnowLeopard. This allows up to opt into a version of [NSTextField drawWithFrame:] that will only draw the frame of the text field; without this, it will draw the frame and the background, which creates a number of problems with styled text fields and text fields in HiDPI. There is a less comprehesive workaround for Lion and SnowLeopard in place in RenderThemeMac::textField().
* rendering/RenderThemeMac.mm:
(-[WebCoreTextFieldCell _coreUIDrawOptionsWithFrame:inView:includeFocus:]):
This is the roll-out of r110480.
(WebCore::RenderThemeMac::isControlStyled):
See the comments for a full explanation, but this is mostly code for
Lion and SnowLeopard to determine if we can opt into the new artwork.
(WebCore::RenderThemeMac::paintTextField):
(WebCore::RenderThemeMac::textField):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116794
2012-05-11 Anders Carlsson <andersca@apple.com>
REGRESSION(r116687): [Chromium] plugins/embed-attributes-style.html shows a garbled string
https://bugs.webkit.org/show_bug.cgi?id=86170
Reviewed by Andreas Kling.
The string we are passing to the TextRun constructor needs to stay alive for longer so revert back to the old
behavior where we store it as a member variable.
* rendering/RenderEmbeddedObject.cpp:
(WebCore::unavailablePluginReplacementText):
(WebCore):
(WebCore::RenderEmbeddedObject::setPluginUnavailabilityReason):
(WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
* rendering/RenderEmbeddedObject.h:
(RenderEmbeddedObject):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116695
2012-05-10 Anders Carlsson <andersca@apple.com>
WebKit1: Add a way to blacklist specific plug-ins/plug-in versions
https://bugs.webkit.org/show_bug.cgi?id=86150
<rdar://problem/9551196>
Reviewed by Sam Weinig.
* English.lproj/Localizable.strings:
Update.
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadPlugin):
It is possible that the client has already set the unavailability reason so don't try to set it twice.
* platform/LocalizedStrings.cpp:
(WebCore::insecurePluginVersionText):
* platform/LocalizedStrings.h:
Add insecure plug-in version text.
* rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
* rendering/RenderEmbeddedObject.h:
Add InsecurePluginVersion unavailability reason.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116687
2012-05-10 Anders Carlsson <andersca@apple.com>
Rename the missing plug-in indicator to the unavailable plug-in indicator
https://bugs.webkit.org/show_bug.cgi?id=86136
Reviewed by Sam Weinig.
Since the indicator is shown for more than just missing plug-ins, generalize it and use a plug-in unavailability
reason enum to make it easier to extend. Also, pass the unavailability reason to the ChromeClient member functions.
* WebCore.exp.in:
* html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::updateWidget):
* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::updateWidget):
* html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::defaultEventHandler):
* html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadPlugin):
* page/ChromeClient.h:
(WebCore::ChromeClient::shouldUnavailablePluginMessageBeButton):
(WebCore::ChromeClient::unavailablePluginButtonClicked):
* page/FrameView.cpp:
(WebCore::FrameView::updateWidget):
* rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
(WebCore::RenderEmbeddedObject::setPluginUnavailabilityReason):
(WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):
(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed):
(WebCore::RenderEmbeddedObject::paint):
(WebCore::RenderEmbeddedObject::paintReplaced):
(WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
(WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
(WebCore):
(WebCore::RenderEmbeddedObject::isInUnavailablePluginIndicator):
(WebCore::shouldUnavailablePluginMessageBeButton):
(WebCore::RenderEmbeddedObject::handleUnavailablePluginIndicatorEvent):
(WebCore::RenderEmbeddedObject::getCursor):
* rendering/RenderEmbeddedObject.h:
(RenderEmbeddedObject):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116685
2012-05-10 Brady Eidson <beidson@apple.com>
<rdar://problem/10972577> and https://bugs.webkit.org/show_bug.cgi?id=80170
Contents of noscript elements turned into strings in WebArchives
Reviewed by Andy Estes.
There's a much deeper question about how innerHTML of <noscript> is expected to work in
both a scripting and non-scripting environment that we should pursue separately.
But for webarchives, we can solve this by filtering out the <noscript> elements completely
if scripting is enabled.
Test: webarchive/ignore-noscript-if-scripting-enabled.html
* WebCore.exp.in:
Add arguments to createMarkup and MarkupAccumulator methods to pass a Vector of QualifiedNames
that should be filtered from the resulting markup:
* editing/MarkupAccumulator.cpp:
(WebCore::MarkupAccumulator::serializeNodes):
(WebCore::MarkupAccumulator::serializeNodesWithNamespaces):
* editing/MarkupAccumulator.h:
* editing/markup.cpp:
(WebCore::createMarkup):
* editing/markup.h:
If scripting is enabled, add the noscriptTag to the tag names to filter:
* loader/archive/cf/LegacyWebArchive.cpp:
(WebCore::LegacyWebArchive::create):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116579
2012-05-09 Anders Carlsson <andersca@apple.com>
Speed up some parts of TileCache drawing
https://bugs.webkit.org/show_bug.cgi?id=86033
<rdar://problem/10919373>
Reviewed by Sam Weinig.
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::tileCoverageRect):
If we can't have scrollbars, there's not much need to extend the tile coverage rect outside of the visible rect, since it's
unlikely that we'll do any form of scrolling here.
(WebCore::TileCache::revalidateTiles):
Don't update the tile layer frame if it's big enough to contain the tile size. Also, if there are no new tiles created,
don't call platformCALayerDidCreateTiles since that will trigger an extra layer flush.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116570
2012-05-09 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=86025
RTL and vertical text documents do no scroll properly with the new
tiled scrolling model
-and corresponding-
<rdar://problem/11077589>
Reviewed by Dan Bernstein.
Most of the fix here is just to teach the scrolling tree about the
scroll origin.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::frameViewLayoutUpdated):
(WebCore::ScrollingCoordinator::setScrollParameters):
* page/scrolling/ScrollingCoordinator.h:
(ScrollParameters):
* page/scrolling/ScrollingTreeNode.cpp:
(WebCore::ScrollingTreeNode::update):
* page/scrolling/ScrollingTreeNode.h:
(WebCore::ScrollingTreeNode::scrollOrigin):
(ScrollingTreeNode):
* page/scrolling/ScrollingTreeState.cpp:
(WebCore::ScrollingTreeState::setScrollOrigin):
(WebCore):
* page/scrolling/ScrollingTreeState.h:
(WebCore::ScrollingTreeState::scrollOrigin):
(ScrollingTreeState):
* page/scrolling/mac/ScrollingTreeNodeMac.mm:
(WebCore::ScrollingTreeNodeMac::scrollPosition):
(WebCore::ScrollingTreeNodeMac::setScrollLayerPosition):
(WebCore::ScrollingTreeNodeMac::minimumScrollPosition):
(WebCore::ScrollingTreeNodeMac::maximumScrollPosition):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::frameViewDidScroll):
Teaching the scrolling tree about the scroll origin revealed this pre-
existing bug. layoutOverflowRect() is not the right rect to use since
it is not writing-mode savvy. unscaledDocumentRect() is the right rect
for the view's bounds.
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateCompositedBounds):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116473
2012-05-08 Jon Lee <jonlee@apple.com>
Safari warns that it needs to resend the form in an iFrame when going back
https://bugs.webkit.org/show_bug.cgi?id=82658
<rdar://problem/11292558>
Reviewed by Darin Adler.
Test: http/tests/loading/post-in-iframe-with-back-navigation.html
* WebCore.exp.in: Add _wkCFURLRequestAllowAllPostCaching.
* platform/mac/WebCoreSystemInterface.h: Add wkCFURLRequestAllowAllPostCaching.
* platform/mac/WebCoreSystemInterface.mm: Add wkCFURLRequestAllowAllPostCaching.
* platform/network/cf/ResourceRequestCFNet.cpp:
(WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses.
* platform/network/mac/ResourceRequestMac.mm:
(WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116458
2012-05-08 Philip Rogers <pdr@google.com>
Prevent crash in animated lists
https://bugs.webkit.org/show_bug.cgi?id=85382
Reviewed by Nikolas Zimmermann.
Animated lists blindly assign the last list value to m_toAtEndOfDurationType
in SVGAnimationElement::startedActiveInterval. If the last list value's length
is larger or smaller than the animated "to" length, we crash.
This change prevents accessing values off the end of toAtEndOfDuration by adding
a check for this case. It may seem inefficient to perform this check on every
animation update but the "to" value can change (in cardinality) while animating.
I checked each of the other animation types (e.g., SVGAnimatedAngle,
SVGAnimatedBoolean, etc.) and was only able to hit this style of crash
in the three types modified in this change:
SVGAnimatedLengthList, SVGAnimatedNumberList, and SVGAnimatedPointList.
Tests: svg/animations/animate-linear-discrete-additive-b-expected.svg
svg/animations/animate-linear-discrete-additive-b.svg
svg/animations/animate-linear-discrete-additive-c-expected.svg
svg/animations/animate-linear-discrete-additive-c.svg
svg/animations/animate-linear-discrete-additive-expected.svg
svg/animations/animate-linear-discrete-additive.svg
svg/animations/animate-list-crash.svg
* svg/SVGAnimatedLengthList.cpp:
(WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPointList.cpp:
(WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116449
2012-05-08 Timothy Hatcher <timothy@apple.com>
Fix the SOFT_LINK_STAGED_FRAMEWORK_OPTIONAL macro so it passes the full path to dlopen.
dyld only considers libraries in the versioned framework path if their install name
matches the library that it is attempting to load. The path we were passing to
dlopen lacked the Versions/A component of the path so dyld did not recognize that
we wanted it to use the staged version if it is newer.
<rdar://problem/11406517>
Reviewed by Mark Rowe.
* platform/mac/SoftLinking.h: Have SOFT_LINK_STAGED_FRAMEWORK_OPTIONAL take the
framework version as an argument and use it when constructing the path to dlopen.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116427
2012-05-08 Stephen Chenney <schenney@chromium.org>
Shrink ElementAttributeData by factoring out Attr object count.
https://bugs.webkit.org/show_bug.cgi?id=85825
Unreviewed build fix.
* dom/ElementAttributeData.cpp:
(WebCore::attrListForElement): Was returning false instead of 0 for a pointer value. Now returns 0.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116419
2012-05-08 Andreas Kling <kling@webkit.org>
Shrink ElementAttributeData by factoring out Attr object count.
<http://webkit.org/b/85825>
Reviewed by Antti Koivisto.
Stop tracking the number of Attr objects that point to a given Element on the
Element itself and manage this by having a global hashmap of Element => AttrList,
where AttrList is a vector of (pointers to) the associated Attr objects.
This shrinks ElementAttributeData by one integer, effectively reducing memory
consumption by ~530kB when viewing the full HTML5 spec at <http://whatwg.org/c>.
* dom/ElementAttributeData.h:
(ElementAttributeData):
Remove m_attrCount...
* dom/Node.h:
(WebCore::Node::hasAttrList):
(WebCore::Node::setHasAttrList):
(WebCore::Node::clearHasAttrList):
...replacing it with a Node flag that tells us whether there's an Attr
object map for this Node (only applies to Elements.)
* dom/ElementAttributeData.cpp:
(WebCore::attrListMap):
(WebCore::attrListForElement):
(WebCore::ensureAttrListForElement):
(WebCore::removeAttrListForElement):
(WebCore::ElementAttributeData::attrIfExists):
(WebCore::ElementAttributeData::ensureAttr):
(WebCore::ElementAttributeData::setAttr):
(WebCore::ElementAttributeData::removeAttr):
(WebCore::ElementAttributeData::detachAttributesFromElement):
Map Element => per-Element AttrList in a global hash.
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116395
2012-05-07 Simon Fraser <simon.fraser@apple.com>
Compositing layers with transformed children not large enough to show contents
https://bugs.webkit.org/show_bug.cgi?id=85855
Reviewed by Dan Bernstein.
r114518 added a code path to RenderLayer::calculateLayerBounds() which
does an early return if the layer has clipping. However, this code
path omitted to take local transforms into account.
Fix is to handle transforms as we do in the non-clipped case.
Test: compositing/geometry/bounds-clipped-composited-child.html
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateLayerBounds):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116368
2012-05-07 Enrica Casucci <enrica@apple.com>
REGRESSION (r101575): Chinese input is broken when composing mail in iCloud using Safari.
https://bugs.webkit.org/show_bug.cgi?id=85840
<rdar://problem/11115520>
Reviewed by Alexey Proskuryakov.
The revision that broke this, introduced a way to sanitize the markup when deleting a range selection.
iCloud listens for DOM modification events and clears the selection, altering the input method state.
The fix consists in adding a paramenter to DeleteSelectionCommand to control when we sanitize the
markup.
* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::deleteSelection):
* editing/CompositeEditCommand.h:
* editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::DeleteSelectionCommand):
(WebCore::DeleteSelectionCommand::doApply):
* editing/DeleteSelectionCommand.h:
(WebCore::DeleteSelectionCommand::create):
* editing/InsertTextCommand.cpp:
(WebCore::InsertTextCommand::doApply):
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116367
2012-05-07 Andy Estes <aestes@apple.com>
ENABLE_IFRAME_SEAMLESS should be part of FEATURE_DEFINES.
* Configurations/FeatureDefines.xcconfig:
2012-05-15 Lucas Forschler <lforschler@apple.com>
Merge 116356
2012-05-07 Eric Seidel <eric@webkit.org>
Add ENABLE_IFRAME_SEAMLESS so Apple can turn off SEAMLESS if needed
https://bugs.webkit.org/show_bug.cgi?id=85822
Reviewed by Adam Barth.
* Configurations/FeatureDefines.xcconfig:
* dom/Document.cpp:
(WebCore::Document::shouldDisplaySeamlesslyWithParent):
2012-05-04 Ilya Tikhonovsky <loislo@chromium.org>
Web Inspector: annotate ProfilerAgent.
https://bugs.webkit.org/show_bug.cgi?id=85630
Reviewed by Pavel Feldman.
* inspector/Inspector.json:
* inspector/InspectorProfilerAgent.cpp:
(WebCore::InspectorProfilerAgent::createProfileHeader):
(WebCore::InspectorProfilerAgent::createSnapshotHeader):
(WebCore::InspectorProfilerAgent::getProfileHeaders):
(WebCore):
(WebCore::InspectorProfilerAgent::getProfile):
* inspector/InspectorProfilerAgent.h:
(InspectorProfilerAgent):
* inspector/front-end/CSSSelectorProfileView.js:
* inspector/front-end/HeapSnapshotView.js:
(WebInspector.HeapSnapshotProfileType.prototype.createProfile):
* inspector/front-end/ProfileView.js:
* inspector/front-end/ProfilesPanel.js:
(WebInspector.ProfilesPanel.prototype.addProfileHeader):
(WebInspector.ProfilesPanel.prototype._addHeapSnapshotChunk):
(WebInspector.ProfilerDispatcher.prototype.resetProfiles):
2012-05-04 Gustavo Noronha Silva <gns@gnome.org>
[GTK] Simplify how libWebCoreModules is linked in, and fix WebKit2 build
https://bugs.webkit.org/show_bug.cgi?id=85691
* GNUmakefile.am: link libWebCoreModules into libWebCore.
2012-05-04 Kent Tamura <tkent@chromium.org>
Rename ICULocale to LocaleICU, part 1
https://bugs.webkit.org/show_bug.cgi?id=85688
Reviewed by Kentaro Hara.
Rename it for consistency. Our convention is Foo<Platform>.{cpp,h}.
This patch changes only file names. We'll rename ICULocale class
by a following patch.
No behavior changes.
* WebCore.gypi:
* platform/text/LocaleICU.cpp: Renamed from Source/WebCore/platform/text/ICULocale.cpp.
* platform/text/LocaleICU.h: Renamed from Source/WebCore/platform/text/ICULocale.h.
* platform/text/LocalizedDateICU.cpp: Rename ICULocale.h to LocaleICU.h.
* platform/text/LocalizedNumberICU.cpp: ditto.
2012-05-04 Julien Chaffraix <jchaffraix@webkit.org>
Leaf non self-painting layers should bail out early in RenderLayer::paintLayer
https://bugs.webkit.org/show_bug.cgi?id=85678
Reviewed by Darin Adler.
Performance optimization, no expected change in behavior.
The gist of the change is that leaf non self-painting layers don't need to be painted as their
associated RenderBoxModelObject should properly paint itself without any help.
For RenderLayer trees that have a large number of leafs nodes (like a table with a leaf RenderLayer for
each cells), not bailing out is a big overhead as it ends up doing a lot of computation for no real
painting. See http://dglazkov.github.com/performance-tests/biggrid.html for a benchmark for that. On
my machine, it reduces the paint time when scrolling to 70ms from 120ms (45% speedup).
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::paintLayer):
2012-05-04 Rob Buis <rbuis@rim.com>
Remove InlineBox::next()
https://bugs.webkit.org/show_bug.cgi?id=85668
Reviewed by Nikolas Zimmermann.
InlineBox::next() not needed since nextOnLine() does the same.
* rendering/InlineBox.h:
(InlineBox):
* rendering/InlineFlowBox.h:
(WebCore::InlineFlowBox::setConstructed):
2012-05-04 Chris Rogers <crogers@google.com>
Oscillator must implement noteOn() and noteOff()
https://bugs.webkit.org/show_bug.cgi?id=85236
Reviewed by Kenneth Russell.
Test: webaudio/oscillator-scheduling.html
to be landed separately to get proper platform baselines
* Modules/webaudio/AudioBufferSourceNode.cpp:
(WebCore::AudioBufferSourceNode::process):
Simplify/remove zeroing-out silence at end of buffer, since it's now handled in the base-class AudioScheduledSourceNode::updateSchedulingInfo().
* Modules/webaudio/AudioContext.cpp:
(WebCore::AudioContext::createBufferSource):
Improve comment about ownership and dynamic-lifetime of AudioBufferSourceNode.
(WebCore::AudioContext::createOscillator):
AudioContext keeps a reference to the Oscillator and that reference is released in AudioScheduledSourceNode,
when it has finished playing.
* Modules/webaudio/AudioScheduledSourceNode.h:
* Modules/webaudio/AudioScheduledSourceNode.cpp:
(WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
updateSchedulingInfo() is now responsible for zeroing out the very start (before a note starts)
and the very end (after note ends) of the output AudioBus. We've also simplified the number
of arguments passed to this method, because of this. It now handles playbackState transition to FINISHED_STATE.
* Modules/webaudio/Oscillator.cpp:
(WebCore::Oscillator::Oscillator):
(WebCore::Oscillator::calculateSampleAccuratePhaseIncrements):
The frequency value needs to snap immediately to its correct value the very first time.
This bug needs to be fixed here so that the Oscillator layout scheduling test works correctly.
(WebCore::Oscillator::process):
Since Oscillator in now changing to be a AudioScheduledSourceNode, we need to call AudioScheduledSourceNode::updateSchedulingInfo()
to handle playbackState for us.
(WebCore::Oscillator::propagatesSilence):
Add scheduling logic for propagatesSilence().
(Oscillator):
* Modules/webaudio/Oscillator.idl:
Add noteOn(), noteOff() methods and playbackState according to specification.
2012-05-04 Andy Estes <aestes@apple.com>
Remove uses of ASSERT(false)
https://bugs.webkit.org/show_bug.cgi?id=85686
Reviewed by Dean Jackson.
Replace uses of ASSERT(false) with ASSERT_NOT_REACHED(). Also, in two places, there was code structured like:
if (expr) {
// do something
} else {
ASSERT(false);
}
Replace this with:
ASSERT(expr);
if (!expr)
return;
// do something
* Modules/webdatabase/DatabaseTracker.cpp:
(WebCore::DatabaseTracker::deleteOrigin):
(WebCore::DatabaseTracker::doneCreatingDatabase):
(WebCore::DatabaseTracker::doneDeletingDatabase):
(WebCore::DatabaseTracker::deleteDatabase):
* bridge/objc/objc_instance.mm:
(ObjcInstance::invokeObjcMethod):
* bridge/objc/objc_utility.mm:
(JSC::Bindings::convertObjcValueToValue):
(JSC::Bindings::objcValueTypeForType):
* dom/Node.cpp:
(WebCore::Node::createRenderer):
* loader/icon/IconDatabase.cpp:
(WebCore::IconDatabase::setIconURLForPageURLInSQLDatabase):
(WebCore::IconDatabase::setIconIDForPageURLInSQLDatabase):
* platform/graphics/GraphicsContext3D.cpp:
(WebCore::doPacking):
* platform/text/BidiResolver.h:
(WebCore::::createBidiRunsForLine):
2012-05-04 Noel Gordon <noel.gordon@gmail.com>
[CG] Minor refactor of ImageBuffer::CGImageToDataURL and its callers
https://bugs.webkit.org/show_bug.cgi?id=85280
Reviewed by Kenneth Russell.
This patch means to simplify the diff of an upcoming patch. Refactoring
here in preparation for that patch.
No new tests. No behavioral change. Covered by canvas 2d and 3d tests:
canvas/philip/tests/*toDataURL*.html
fast/canvas/webgl/premultiplyalpha-test.html
* platform/graphics/cg/ImageBufferCG.cpp:
(WebCore::CGImageToDataURL): Move the invalid image (!image) test here.
The comments are about JPEG images; say that. Rename out to base64Data.
(WebCore::ImageBuffer::toDataURL): Remove the !image test.
(WebCore::ImageDataToDataURL): Move and define variables where used and
make the code flow read similarly to toDataURL. Remove the !image test.
2012-05-04 Shawn Singh <shawnsingh@chromium.org>
[chromium] Changes to layer tree structure need to be tracked properly
https://bugs.webkit.org/show_bug.cgi?id=85421
Reviewed by Adrienne Walker.
Unit test added: TreeSynchronizerTest.syncSimpleTreeAndTrackStackingOrderChange
Earlier, we were relying on WebCore behavior that always called
setNeedsDisplay whenever the layer tree structure changed.
However, in general it is more correct to consider layer tree
changes even when things don't need repainting; for example Aura
code is encountring this bug now. This patch corrects the
compositor so that layer tree structural changes are considered
property changes, without requiring that layers needed to be
repainted.
* platform/graphics/chromium/LayerChromium.cpp:
(WebCore::LayerChromium::LayerChromium):
(WebCore::LayerChromium::insertChild):
(WebCore::LayerChromium::pushPropertiesTo):
* platform/graphics/chromium/LayerChromium.h:
(LayerChromium):
* platform/graphics/chromium/cc/CCLayerImpl.cpp:
(WebCore::CCLayerImpl::setStackingOrderChanged):
(WebCore):
* platform/graphics/chromium/cc/CCLayerImpl.h:
(CCLayerImpl):
2012-05-04 Jeffrey Pfau <jpfau@apple.com>
Unreviewed; build fix after r116191.
* bindings/js/JSEventListener.h:
2012-05-04 Enrica Casucci <enrica@apple.com>
REGRESSION: Cursor jumps to the first line after deleting the last word.
https://bugs.webkit.org/show_bug.cgi?id=85334
<rdar://problem/11210059>
Reviewed by Ryosuke Niwa.
This regression was introduced with the work to remove redundant divs.
When we decide to remove a DIV, we need to adjust the selection, if it is
expressed in terms of the node being removed. The new position was computed
using updatePositionForNodeRemoval that was not designed for the case where we
remove preserving children.
This patch adds a new method to CompositeEditCommand to do this properly.
Test: editing/deleting/delete-word-from-unstyled-div.html
* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::isRemovableBlock): Code clenup.
(WebCore::CompositeEditCommand::updatePositionForNodeRemovalPreservingChildren): Added.
* editing/CompositeEditCommand.h:
* editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::removeRedundantBlocks): Uses updatePositionForNodeRemovalPreservingChildren.
2012-05-04 Jeffrey Pfau <jpfau@apple.com>
Prevent early EventListener deletion
https://bugs.webkit.org/show_bug.cgi?id=73970
Reviewed by Oliver Hunt.
Test: fast/events/attribute-listener-deletion-crash.html
* bindings/js/JSEventListener.h:
(WebCore::JSEventListener::jsFunction):
2012-05-04 Yongjun Zhang <yongjun_zhang@apple.com>
Add "combining short stroke overlay character (u0335)" to lookalike characters blacklist.
https://bugs.webkit.org/show_bug.cgi?id=85440
Reviewed by David Kilzer.
We should add u0335 to the characters blacklist.
* platform/mac/WebCoreNSURLExtras.mm:
(WebCore::isLookalikeCharacter):
2012-05-04 Satoru Takabayashi <satorux@chromium.org>
[chromium] Add plumbing for file display names for drag and drop
https://bugs.webkit.org/show_bug.cgi?id=85673
Reviewed by Darin Fisher.
No new tests: this change itself shouldn't change existing behavior.
* platform/chromium/ChromiumDataObject.cpp:
(WebCore::ChromiumDataObject::addFilename):
* platform/chromium/ChromiumDataObject.h:
(ChromiumDataObject):
2012-05-04 Levi Weintraub <leviw@chromium.org>
Correct pixel snapping in RenderSVGRoot::paintReplaced
https://bugs.webkit.org/show_bug.cgi?id=85671
Reviewed by Eric Seidel.
SVG root elements are still painted on pixel boundaries, so their children should
apply transforms based on their actual painted location, not their sub-pixel
one. This corrects a clipping and painting issue where these sub-pixel units are
incorrectly applied to the graphics context.
Covered by existing tests when sub-pixel layout is enabled.
* rendering/svg/RenderSVGRoot.cpp:
(WebCore::RenderSVGRoot::paintReplaced):
2012-05-04 Adam Barth <abarth@webkit.org>
Refactor CSP state to prepare for having both a ReportOnly and an Enforced policy
https://bugs.webkit.org/show_bug.cgi?id=85662
Reviewed by Eric Seidel.
This patch refactors the ContentSecurityPolicy state into a separate
DirectiveList class to prepare for
https://bugs.webkit.org/show_bug.cgi?id=85561, which will cause us to
need two directive lists: one for enforcement and one for monitoring.
This patch shouldn't cause any change in behavior.
* page/ContentSecurityPolicy.cpp:
(CSPDirectiveList):
(WebCore::CSPDirectiveList::header):
(WebCore::CSPDirectiveList::headerType):
(WebCore::CSPDirectiveList::denyIfEnforcingPolicy):
(WebCore):
(WebCore::CSPDirectiveList::CSPDirectiveList):
(WebCore::CSPDirectiveList::create):
(WebCore::CSPDirectiveList::reportViolation):
(WebCore::CSPDirectiveList::logUnrecognizedDirective):
(WebCore::CSPDirectiveList::checkEval):
(WebCore::CSPDirectiveList::operativeDirective):
(WebCore::CSPDirectiveList::checkInlineAndReportViolation):
(WebCore::CSPDirectiveList::checkEvalAndReportViolation):
(WebCore::CSPDirectiveList::checkSourceAndReportViolation):
(WebCore::CSPDirectiveList::allowJavaScriptURLs):
(WebCore::CSPDirectiveList::allowInlineEventHandlers):
(WebCore::CSPDirectiveList::allowInlineScript):
(WebCore::CSPDirectiveList::allowInlineStyle):
(WebCore::CSPDirectiveList::allowEval):
(WebCore::CSPDirectiveList::allowScriptFromSource):
(WebCore::CSPDirectiveList::allowObjectFromSource):
(WebCore::CSPDirectiveList::allowChildFrameFromSource):
(WebCore::CSPDirectiveList::allowImageFromSource):
(WebCore::CSPDirectiveList::allowStyleFromSource):
(WebCore::CSPDirectiveList::allowFontFromSource):
(WebCore::CSPDirectiveList::allowMediaFromSource):
(WebCore::CSPDirectiveList::allowConnectFromSource):
(WebCore::CSPDirectiveList::parse):
(WebCore::CSPDirectiveList::parseDirective):
(WebCore::CSPDirectiveList::parseReportURI):
(WebCore::CSPDirectiveList::createCSPDirective):
(WebCore::CSPDirectiveList::applySandboxPolicy):
(WebCore::CSPDirectiveList::addDirective):
(WebCore::ContentSecurityPolicy::ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::~ContentSecurityPolicy):
(WebCore::ContentSecurityPolicy::copyStateFrom):
(WebCore::ContentSecurityPolicy::didReceiveHeader):
(WebCore::ContentSecurityPolicy::setOverrideAllowInlineStyle):
(WebCore::ContentSecurityPolicy::header):
(WebCore::ContentSecurityPolicy::headerType):
(WebCore::ContentSecurityPolicy::allowJavaScriptURLs):
(WebCore::ContentSecurityPolicy::allowInlineEventHandlers):
(WebCore::ContentSecurityPolicy::allowInlineScript):
(WebCore::ContentSecurityPolicy::allowInlineStyle):
(WebCore::ContentSecurityPolicy::allowEval):
(WebCore::ContentSecurityPolicy::allowScriptFromSource):
(WebCore::ContentSecurityPolicy::allowObjectFromSource):
(WebCore::ContentSecurityPolicy::allowChildFrameFromSource):
(WebCore::ContentSecurityPolicy::allowImageFromSource):
(WebCore::ContentSecurityPolicy::allowStyleFromSource):
(WebCore::ContentSecurityPolicy::allowFontFromSource):
(WebCore::ContentSecurityPolicy::allowMediaFromSource):
(WebCore::ContentSecurityPolicy::allowConnectFromSource):
* page/ContentSecurityPolicy.h:
(WebCore):
* workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::startWorkerContext):
2012-05-04 Abhishek Arya <inferno@chromium.org>
ASSERT(beforeChildAnonymousContainer->isTable()); fails in RenderBlock::addChildIgnoringAnonymousColumnBlocks.
https://bugs.webkit.org/show_bug.cgi?id=84606
Reviewed by Julien Chaffraix.
RenderBlock::removeChild forgot to set display on the anonymous block, causing it
to display as INLINE. To prevent this kind of failure in future, we replace
createAnonymousStyle with createAnonymousStyleWithDisplay to make everyone explictly
pass display as the argument.
Test: fast/block/block-add-child-crash.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):
(WebCore::RenderBlock::createAnonymousWithParentRendererAndDisplay):
(WebCore::RenderBlock::createAnonymousColumnsWithParentRenderer):
(WebCore::RenderBlock::createAnonymousColumnSpanWithParentRenderer):
* rendering/RenderInline.cpp:
(WebCore::updateStyleOfAnonymousBlockContinuations):
(WebCore::RenderInline::addChildIgnoringContinuation):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::propagateStyleToAnonymousChildren):
* rendering/RenderRuby.cpp:
(WebCore::createAnonymousRubyInlineBlock):
* rendering/RenderRubyRun.cpp:
(WebCore::RenderRubyRun::createRubyBase):
(WebCore::RenderRubyRun::staticCreateRubyRun):
* rendering/RenderTable.cpp:
(WebCore::RenderTable::createAnonymousWithParentRenderer):
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::createAnonymousWithParentRenderer):
* rendering/RenderTableRow.cpp:
(WebCore::RenderTableRow::createAnonymousWithParentRenderer):
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::createAnonymousWithParentRenderer):
* rendering/mathml/RenderMathMLBlock.cpp:
(WebCore::RenderMathMLBlock::createAlmostAnonymousBlock):
* rendering/mathml/RenderMathMLRow.cpp:
(WebCore::RenderMathMLRow::createAnonymousWithParentRenderer):
* rendering/mathml/RenderMathMLSubSup.cpp:
(WebCore::RenderMathMLSubSup::addChild):
* rendering/style/RenderStyle.cpp:
(WebCore::RenderStyle::createAnonymousStyleWithDisplay):
* rendering/style/RenderStyle.h:
2012-04-27 Erik Arvidsson <arv@chromium.org>
WebKit IDL does not use exception syntax
https://bugs.webkit.org/show_bug.cgi?id=85100
Reviewed by Dimitri Glazkov.
This adds support for exception ExceptionName { ... } which currently sets a flag
on the domClass.
Binding tests updated.
* Modules/indexeddb/IDBDatabaseException.idl:
* Modules/webdatabase/SQLException.idl:
* bindings/scripts/IDLParser.pm:
(ParseInterface):
(DetermineParseMode):
(ProcessSection):
* bindings/scripts/IDLStructure.pm:
* bindings/scripts/test/CPP/WebDOMTestException.cpp: Added.
(WebDOMTestException::WebDOMTestExceptionPrivate::WebDOMTestExceptionPrivate):
(WebDOMTestException::WebDOMTestExceptionPrivate):
(WebDOMTestException::WebDOMTestException):
(WebDOMTestException::operator=):
(WebDOMTestException::impl):
(WebDOMTestException::~WebDOMTestException):
(WebDOMTestException::name):
(toWebCore):
(toWebKit):
* bindings/scripts/test/CPP/WebDOMTestException.h: Added.
(WebCore):
(WebDOMTestException):
* bindings/scripts/test/GObject/WebKitDOMTestException.cpp: Added.
(WebKit):
(WebKit::kit):
(WebKit::core):
(WebKit::wrapTestException):
(webkit_dom_test_exception_finalize):
(webkit_dom_test_exception_set_property):
(webkit_dom_test_exception_get_property):
(webkit_dom_test_exception_constructed):
(webkit_dom_test_exception_class_init):
(webkit_dom_test_exception_init):
(webkit_dom_test_exception_get_name):
* bindings/scripts/test/GObject/WebKitDOMTestException.h: Added.
(_WebKitDOMTestException):
(_WebKitDOMTestExceptionClass):
* bindings/scripts/test/GObject/WebKitDOMTestExceptionPrivate.h: Added.
(WebKit):
* bindings/scripts/test/JS/JSTestException.cpp: Added.
(WebCore):
(WebCore::JSTestExceptionConstructor::JSTestExceptionConstructor):
(WebCore::JSTestExceptionConstructor::finishCreation):
(WebCore::JSTestExceptionConstructor::getOwnPropertySlot):
(WebCore::JSTestExceptionConstructor::getOwnPropertyDescriptor):
(WebCore::JSTestExceptionPrototype::self):
(WebCore::JSTestException::JSTestException):
(WebCore::JSTestException::finishCreation):
(WebCore::JSTestException::createPrototype):
(WebCore::JSTestException::destroy):
(WebCore::JSTestException::~JSTestException):
(WebCore::JSTestException::getOwnPropertySlot):
(WebCore::JSTestException::getOwnPropertyDescriptor):
(WebCore::jsTestExceptionName):
(WebCore::jsTestExceptionConstructor):
(WebCore::JSTestException::getConstructor):
(WebCore::isObservable):
(WebCore::JSTestExceptionOwner::isReachableFromOpaqueRoots):
(WebCore::JSTestExceptionOwner::finalize):
(WebCore::toJS):
(WebCore::toTestException):
* bindings/scripts/test/JS/JSTestException.h: Added.
(WebCore):
(JSTestException):
(WebCore::JSTestException::create):
(WebCore::JSTestException::createStructure):
(WebCore::JSTestException::impl):
(WebCore::JSTestException::releaseImpl):
(WebCore::JSTestException::releaseImplIfNotNull):
(JSTestExceptionOwner):
(WebCore::wrapperOwner):
(WebCore::wrapperContext):
(JSTestExceptionPrototype):
(WebCore::JSTestExceptionPrototype::create):
(WebCore::JSTestExceptionPrototype::createStructure):
(WebCore::JSTestExceptionPrototype::JSTestExceptionPrototype):
(JSTestExceptionConstructor):
(WebCore::JSTestExceptionConstructor::create):
(WebCore::JSTestExceptionConstructor::createStructure):
* bindings/scripts/test/ObjC/DOMTestException.h: Added.
* bindings/scripts/test/ObjC/DOMTestException.mm: Added.
(-[DOMTestException dealloc]):
(-[DOMTestException finalize]):
(-[DOMTestException name]):
(core):
(kit):
* bindings/scripts/test/ObjC/DOMTestExceptionInternal.h: Added.
(WebCore):
* bindings/scripts/test/TestException.idl: Copied from Source/WebCore/xml/XPathException.idl.
* bindings/scripts/test/V8/V8TestException.cpp: Added.
(WebCore):
(TestExceptionV8Internal):
(WebCore::TestExceptionV8Internal::V8_USE):
(WebCore::TestExceptionV8Internal::nameAttrGetter):
(WebCore::ConfigureV8TestExceptionTemplate):
(WebCore::V8TestException::GetRawTemplate):
(WebCore::V8TestException::GetTemplate):
(WebCore::V8TestException::HasInstance):
(WebCore::V8TestException::wrapSlow):
(WebCore::V8TestException::derefObject):
* bindings/scripts/test/V8/V8TestException.h: Added.
(WebCore):
(V8TestException):
(WebCore::V8TestException::toNative):
(WebCore::V8TestException::wrap):
(WebCore::toV8):
* dom/DOMCoreException.idl:
* dom/EventException.idl:
* dom/RangeException.idl:
* fileapi/FileException.idl:
* fileapi/OperationNotAllowedException.idl:
* svg/SVGException.idl:
* xml/XMLHttpRequestException.idl:
* xml/XPathException.idl:
2012-05-04 Rafael Weinstein <rafaelw@chromium.org>
V8RecursionScope not declared in V8Proxy::newInstance which causes ASSERT() failure from NPAPI
https://bugs.webkit.org/show_bug.cgi?id=85659
Reviewed by Ojan Vafai.
Added a stack-allocted V8RecursionScope to the newInstance call.
No new tests. No change in observable behavior.
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::newInstance):
2012-05-04 Joshua Bell <jsbell@chromium.org>
IndexedDB: Remove all index metadata records when deleting an index
https://bugs.webkit.org/show_bug.cgi?id=85557
Reviewed by Tony Chang.
An assert is hit when re-loading database from backing store due to stale index
metadata entry. Do a range delete to clear all metadata entries when deleting an
index. Define metadata entries as enum and limits as consts instead of hardcoded ints.
No new tests - issue does not repro as layout test. Will land test in Chromium.
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore::getBool): Helper functions; replaces pattern of putInt()/read only lead byte.
(WebCore):
(WebCore::putBool):
(WebCore::IDBLevelDBBackingStore::getObjectStores): Skip stale data. Use enums, helpers.
(WebCore::IDBLevelDBBackingStore::createObjectStore): Use enums.
(WebCore::IDBLevelDBBackingStore::deleteObjectStore): Use enums.
(WebCore::getNewVersionNumber): Use enums.
(WebCore::IDBLevelDBBackingStore::getIndexes): Skip stale data. Use enums, helpers.
(WebCore::getNewIndexId): Use enums.
(WebCore::IDBLevelDBBackingStore::createIndex): Use enums.
(WebCore::IDBLevelDBBackingStore::deleteIndex): Delete metadata by range.
* Modules/indexeddb/IDBLevelDBCoding.cpp:
(IDBLevelDBCoding): Add constants for metadata maximum values.
(WebCore::IDBLevelDBCoding::encodeBool):
(WebCore::IDBLevelDBCoding::decodeBool):
(WebCore::IDBLevelDBCoding::ObjectStoreMetaDataKey::encodeMaxKey): Use consts.
(WebCore::IDBLevelDBCoding::IndexMetaDataKey::encodeMaxKey): Use consts.
* Modules/indexeddb/IDBLevelDBCoding.h:
(IDBLevelDBCoding): Expose enums for metadata types.
2012-05-04 Anders Carlsson <andersca@apple.com>
Move markPagesForFullStyleRecalc to PageCache
https://bugs.webkit.org/show_bug.cgi?id=85664
Reviewed by Dan Bernstein.
Instead of going through all the history items in the back/forward list looking for cached pages, just iterate over the cached pages in the page.
* history/BackForwardController.cpp:
* history/BackForwardController.h:
* history/HistoryItem.cpp:
* history/HistoryItem.h:
* history/PageCache.cpp:
(WebCore::PageCache::markPagesForFullStyleRecalc):
(WebCore):
* history/PageCache.h:
(PageCache):
* page/Frame.cpp:
(WebCore::Frame::setPageAndTextZoomFactors):
* page/Page.cpp:
(WebCore::Page::setDeviceScaleFactor):
(WebCore::Page::setPagination):
2012-05-04 Tony Chang <tony@chromium.org>
The computed style of flex-item-align should never be auto.
https://bugs.webkit.org/show_bug.cgi?id=85656
Reviewed by Ojan Vafai.
If the node lacks a parent and flex-item-align is auto, we should
return stretch. This was recently clarified in the spec.
New testcase in css3/flexbox/css-properties.html.
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
2012-05-04 Christophe Dumez <christophe.dumez@intel.com>
[soup] URL of the ResourceResponse passed to willSendRequest is incorrect
https://bugs.webkit.org/show_bug.cgi?id=85072
Reviewed by Gustavo Noronha Silva.
Store the response message by catching the "got-headers" signal so
that it can be passed later to willSendRequest() in case of
redirection. This is required because the SoupMessage headers and URL
have already been updated once restartedCallback() is called.
* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore):
(WebCore::gotHeadersCallback):
(WebCore::restartedCallback):
(WebCore::sendRequestCallback):
(WebCore::startHTTPRequest):
2012-05-04 Ian Vollick <vollick@chromium.org>
[chromium] CCProxy's shouldn't try to draw if there is no layer renderer
https://bugs.webkit.org/show_bug.cgi?id=85218
Reviewed by Adrienne Walker.
* platform/graphics/chromium/cc/CCThreadProxy.cpp:
(WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal):
2012-05-04 Rob Buis <rbuis@rim.com>
[BlackBerry] Rendering bmp file as text file when Content-Type:image/x-ms-bmp from apache web server.
https://bugs.webkit.org/show_bug.cgi?id=85036
Reviewed by Antonio Gomes.
Move getNormalizedMIMEType from WebKit into MIMETypeRegistry. This way we support uncommon mime types like image/pjpeg
and image/x-ms-bmp out of the box since we map to the more common image/jpeg and image/bmp respectively.
* platform/MIMETypeRegistry.cpp:
(WebCore::initializeSupportedImageMIMETypes):
(WebCore::MIMETypeRegistry::isSupportedImageMIMEType):
(WebCore::MIMETypeRegistry::isSupportedImageResourceMIMEType):
(WebCore):
(WebCore::mimeTypeAssociationMap):
(WebCore::MIMETypeRegistry::getNormalizedMIMEType):
* platform/MIMETypeRegistry.h:
(MIMETypeRegistry):
2012-05-04 Sami Kyostila <skyostil@chromium.org>
[chromium] Revert compositor layer scrolling
https://bugs.webkit.org/show_bug.cgi?id=85644
Reviewed by Steve Block.
This patch reverts the following commits because they were found to
trigger crashes. See discussion at http://code.google.com/p/chromium/issues/detail?id=124393.
[chromium] Allow scrolling non-root layers in the compositor thread
http://trac.webkit.org/changeset/114651
[chromium] Don't crash when scrolling empty layer tree
http://trac.webkit.org/changeset/114761
[chromium] Don't keep pointers to released layer tree
http://trac.webkit.org/changeset/115080
* platform/graphics/chromium/ContentLayerChromium.cpp:
* platform/graphics/chromium/ContentLayerChromium.h:
(ContentLayerChromium):
* platform/graphics/chromium/GraphicsLayerChromium.h:
(GraphicsLayerChromium):
* platform/graphics/chromium/LayerChromium.cpp:
(WebCore::LayerChromium::pushPropertiesTo):
* platform/graphics/chromium/LayerChromium.h:
(LayerChromium):
* platform/graphics/chromium/cc/CCLayerImpl.cpp:
* platform/graphics/chromium/cc/CCLayerImpl.h:
* platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
(WebCore::CCLayerTreeHost::applyScrollAndScale):
* platform/graphics/chromium/cc/CCLayerTreeHostCommon.h:
(CCLayerTreeHostCommon):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
(WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl):
(WebCore::CCLayerTreeHostImpl::startPageScaleAnimation):
(WebCore::CCLayerTreeHostImpl::calculateRenderSurfaceLayerList):
(WebCore::CCLayerTreeHostImpl::contentSize):
(WebCore::CCLayerTreeHostImpl::prepareToDraw):
(WebCore::findScrollLayer):
(WebCore::CCLayerTreeHostImpl::setRootLayer):
(WebCore::CCLayerTreeHostImpl::setPageScaleFactorAndLimits):
(WebCore):
(WebCore::CCLayerTreeHostImpl::adjustScrollsForPageScaleChange):
(WebCore::CCLayerTreeHostImpl::setPageScaleDelta):
(WebCore::CCLayerTreeHostImpl::applyPageScaleDeltaToScrollLayer):
(WebCore::CCLayerTreeHostImpl::updateMaxScrollPosition):
(WebCore::CCLayerTreeHostImpl::scrollBegin):
(WebCore::CCLayerTreeHostImpl::scrollBy):
(WebCore::CCLayerTreeHostImpl::scrollEnd):
(WebCore::CCLayerTreeHostImpl::pinchGestureUpdate):
(WebCore::CCLayerTreeHostImpl::computePinchZoomDeltas):
(WebCore::CCLayerTreeHostImpl::makeScrollAndScaleSet):
(WebCore::CCLayerTreeHostImpl::processScrollDeltas):
(WebCore::CCLayerTreeHostImpl::animatePageScale):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
(WebCore::CCLayerTreeHostImpl::releaseRootLayer):
(WebCore::CCLayerTreeHostImpl::scrollLayer):
(CCLayerTreeHostImpl):
2012-05-04 Ojan Vafai <ojan@chromium.org>
Remove file that was deleted in http://trac.webkit.org/changeset/116085/.
For some reason, this was breaking the chromium build (probably a gyp bug
since chromium shouldn't be pulling in this file).
* WebCore.gypi:
2012-05-04 Tony Chang <tony@chromium.org>
fix bit packing in FillLayer on Windows
https://bugs.webkit.org/show_bug.cgi?id=85636
Reviewed by Ryosuke Niwa.
Use unsigned for all bit packed types. I manually verified that
the current uses of these member variables always assign true or false.
No new tests, adding a compile assert to verify bit packing.
* rendering/style/FillLayer.cpp:
(SameSizeAsFillLayer): Added compile assert.
(WebCore):
(WebCore::FillLayer::FillLayer): Reorder m_sizeLength so bit packed fields are adjacent.
(WebCore::FillLayer::operator=): Ditto.
* rendering/style/FillLayer.h:
(FillLayer): Convert bools to unsigned to match other bit packed fields.
2012-05-04 Tommy Widenflycht <tommyw@google.com>
MediaStream API: Make PeerConnection00's API fully compliant with the draft
https://bugs.webkit.org/show_bug.cgi?id=85491
Reviewed by Adam Barth.
Mainly making the relevant API's use objects (aka Dictionaries) instead of the temporary strings,
but also making a few API's exception aware and changing the name of a flag.
Test: fast/mediastream/peerconnection-iceoptions.html
* Modules/mediastream/PeerConnection00.cpp:
(WebCore::PeerConnection00::createMediaHints):
(WebCore::PeerConnection00::createOffer):
(WebCore):
(WebCore::PeerConnection00::createAnswer):
(WebCore::PeerConnection00::createIceOptions):
(WebCore::PeerConnection00::createDefaultIceOptions):
(WebCore::PeerConnection00::startIce):
(WebCore::PeerConnection00::addStream):
(WebCore::PeerConnection00::changeReadyState):
* Modules/mediastream/PeerConnection00.h:
(WebCore):
(PeerConnection00):
* Modules/mediastream/PeerConnection00.idl:
* platform/mediastream/chromium/PeerConnection00HandlerInternal.cpp:
(WebCore::PeerConnection00HandlerInternal::startIce):
2012-05-04 David Tseng <dtseng@google.com>
Chromium should include MenuListPopups' and MenuListOptions' within the ax tree.
https://bugs.webkit.org/show_bug.cgi?id=85541
Reviewed by Chris Fleizach.
Covered by existing tests.
LayoutTests/accessibility/menu-list-sends-change-notification.html
* accessibility/AccessibilityMockObject.h:
(WebCore::AccessibilityMockObject::accessibilityIsIgnored):
* accessibility/chromium/AccessibilityObjectChromium.cpp:
(WebCore::AccessibilityObject::accessibilityPlatformIncludesObject):
2012-05-04 Levi Weintraub <leviw@chromium.org>
Unreviewed. Fixing ChangeLog conflict markers after 116009.
2012-05-04 Dan Winship <danw@gnome.org>
[GTK] ASSERTION FAILED: shouldLoadAsEmptyDocument(r.url()) ||
!defersLoading() in MainResourceLoader.cpp:382
Remove a soup_session_pause_message() call that got left behind,
update the defersLoading stuff to handle this case.
https://bugs.webkit.org/show_bug.cgi?id=85159
Reviewed by Martin Robinson.
No new tests. Now passes loader/load-defer-resume-crash.html under
debug build.
* platform/network/soup/ResourceHandleSoup.cpp:
(WebCore::sendRequestCallback):
(WebCore::ResourceHandle::platformSetDefersLoading):
2012-05-03 Martin Robinson <mrobinson@igalia.com>
[GTK] Rework IME handling to fix bugs and prepare for WebKit2
https://bugs.webkit.org/show_bug.cgi?id=84556
Reviewed by Gustavo Noronha Silva.
No new tests. This change is already covered by a suite of keyboard
handling unit tests in WebKitGTK+. There are some changes in behavior,
but they are difficult to test without mocking out an entire GtkIMContext.
Add a struct, CompositionResults, which is used by PlatformKeyboardEvent
to package composition information with a keyboard event. Also add some logic
to PlatformKeyboardEvent to give the right information when it has composition
results.
* GNUmakefile.list.am: Added new sources to the list.
* platform/PlatformKeyboardEvent.h: Added a new CompositionResults member,
getter, and argument to the constructor.
* platform/gtk/CompositionResults.h: Added.
* platform/gtk/GtkInputMethodFilter.cpp: Added.
* platform/gtk/GtkInputMethodFilter.h: Added.
* platform/gtk/PlatformKeyboardEventGtk.cpp:
(WebCore::PlatformKeyboardEvent::windowsKeyCodeForGdkKeyCode): When
the key value is void return the VK_PROCESS keycode, which is the keycode
that web content expects with keystrokes that trigger composition events.
(WebCore::eventTypeForGdkKeyEvent): Abstract out this helper.
(WebCore::modifiersForGdkKeyEvent): Abstract out this helper.
(WebCore::PlatformKeyboardEvent::PlatformKeyboardEvent): When a PlatformKeyEvent
has composition results, use VK_PROCESS as the keycode for this event.
(WebCore::PlatformKeyboardEvent::disambiguateKeyDownEvent): When this event is
transformed into a Char event, the PlatformKeyboardEvent used for DOM keypress
events, and it has composition results clear the text members. This forces the
EventHandler code to drop the keypress event. Platform events that change the
composition states do not have corresponding keypress DOM events (only keydown
and keyup events), so this is necessary to ensure web compatibility.
2012-05-04 Jochen Eisinger <jochen@chromium.org>
Correctly update the outgoing referrer when navigating back from an history item created by pushState/replaceState
https://bugs.webkit.org/show_bug.cgi?id=85374
Reviewed by Nate Chapin.
Test: http/tests/history/history-navigations-set-referrer.html
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::loadInSameDocument):
2012-05-04 Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
[Qt] Clean up and split features.prf into a static list of defaults
The static list of feature defaults is used as a fallback for any
feature that's not dynamically detected or overriden on the command
line (though build-webkit or passing DEFINES+= to qmake).
The static list is complete, which allows for auto-generation based
on Features.py (see bug https://bugs.webkit.org/show_bug.cgi?id=85456)
https://bugs.webkit.org/show_bug.cgi?id=85611
Reviewed by Simon Hausmann.
* Target.pri:
2012-05-04 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r116085, r116091, and r116095.
http://trac.webkit.org/changeset/116085http://trac.webkit.org/changeset/116091http://trac.webkit.org/changeset/116095https://bugs.webkit.org/show_bug.cgi?id=85628
We are not ready with dependencies on all platform yet (mac) +
problems with debug builds. (Requested by Zoltan on #webkit).
* Target.pri:
* WebCore.pri:
* platform/MIMETypeRegistry.cpp:
(WebCore::initializeSupportedImageMIMETypes):
(WebCore::initializeSupportedImageMIMETypesForEncoding):
* platform/graphics/ImageSource.cpp:
* platform/graphics/ImageSource.h:
(WebCore):
* platform/graphics/qt/ImageDecoderQt.cpp:
(WebCore::ImageDecoder::create):
(WebCore):
(WebCore::ImageDecoderQt::filenameExtension):
(WebCore::ImageDecoderQt::internalHandleCurrentImage):
(WebCore::ImageDecoderQt::clearPointers):
* platform/image-decoders/ImageDecoder.cpp:
(WebCore::ImageDecoder::create):
* platform/image-decoders/ImageDecoder.h:
(WebCore::ImageFrame::getAddr):
(ImageFrame):
* platform/image-decoders/qt/ImageFrameQt.cpp: Added.
(WebCore):
(WebCore::ImageFrame::ImageFrame):
(WebCore::ImageFrame::operator=):
(WebCore::ImageFrame::clearPixelData):
(WebCore::ImageFrame::zeroFillPixelData):
(WebCore::ImageFrame::copyBitmapData):
(WebCore::ImageFrame::setSize):
(WebCore::ImageFrame::asNewNativeImage):
(WebCore::ImageFrame::hasAlpha):
(WebCore::ImageFrame::setHasAlpha):
(WebCore::ImageFrame::setColorProfile):
(WebCore::ImageFrame::setStatus):
(WebCore::ImageFrame::setPixmap):
(WebCore::ImageFrame::width):
(WebCore::ImageFrame::height):
2012-05-04 Ilya Tikhonovsky <loislo@chromium.org>
Web Inspector: eliminate temporaryProfile property from ProfilesPanel.
https://bugs.webkit.org/show_bug.cgi?id=85623
We can run different profilers at the same time therefore we have to keep temorary profile per profiler type.
Reviewed by Yury Semikhatsky.
* inspector/front-end/CSSSelectorProfileView.js:
(WebInspector.CSSSelectorProfileType.prototype.createView):
(WebInspector.CSSSelectorProfileType.prototype.createTemporaryProfile):
(WebInspector.CSSSelectorProfileType.prototype.createProfile):
* inspector/front-end/HeapSnapshotView.js:
(WebInspector.HeapSnapshotProfileType.prototype.createView):
(WebInspector.HeapSnapshotProfileType.prototype.createTemporaryProfile):
(WebInspector.HeapSnapshotProfileType.prototype.createProfile):
* inspector/front-end/ProfileView.js:
(WebInspector.CPUProfileType.prototype.startRecordingProfile):
(WebInspector.CPUProfileType.prototype.createView):
(WebInspector.CPUProfileType.prototype.createTemporaryProfile):
(WebInspector.CPUProfileType.prototype.createProfile):
* inspector/front-end/ProfilesPanel.js:
(WebInspector.ProfileType.prototype.createSidebarTreeElementForProfile):
(WebInspector.ProfileType.prototype.createTemporaryProfile):
(WebInspector.ProfileType.prototype.createProfile):
(WebInspector.ProfileHeader):
(WebInspector.HeapProfileHeader):
(WebInspector.ProfilesPanel.prototype.addProfileHeader):
(WebInspector.ProfilesPanel.prototype.findTemporaryProfile):
(WebInspector.ProfilesPanel.prototype._removeTemporaryProfile):
(WebInspector.ProfilesPanel.prototype._populateProfiles.populateCallback.var):
(WebInspector.ProfilesPanel.prototype._populateProfiles.populateCallback):
(WebInspector.ProfilesPanel.prototype._populateProfiles):
(WebInspector.ProfilesPanel.prototype.setRecordingProfile):
(WebInspector.ProfilesPanel.prototype.takeHeapSnapshot):
(WebInspector.ProfilesPanel.prototype._reportHeapSnapshotProgress):
(WebInspector.ProfilerDispatcher.prototype.addProfileHeader):
2012-05-04 Ilya Tikhonovsky <loislo@chromium.org>
Web Inspector: [chromium] ScriptGCEvent should not be static.
https://bugs.webkit.org/show_bug.cgi?id=80788
The static members of ScriptGCEvent were moved into per isolate data structure.
Drive by fix: Sometimes the used heap size after a GC is slightly more than it was before.
Reviewed by Yury Semikhatsky.
* bindings/v8/ScriptGCEvent.cpp:
(WebCore::ScriptGCEvent::gcPrologueCallback):
(WebCore::ScriptGCEvent::gcEpilogueCallback):
* bindings/v8/V8Binding.h:
(WebCore::GCEventData::GCEventData):
(WebCore::GCEventData::clear):
(GCEventData):
(WebCore):
(WebCore::V8BindingPerIsolateData::gcEventData):
(V8BindingPerIsolateData):
2012-05-04 Kent Hansen <kent.hansen@nokia.com>
[Qt] Update Qt bridge after changes to QMetaMethod
https://bugs.webkit.org/show_bug.cgi?id=85478
Reviewed by Tor Arne Vestbø.
QMetaMethod::signature() has been renamed to methodSignature() and
returns a QByteArray.
The new function QMetaMethod::name() gives direct access to a
method's name. returnType(), parameterCount(), and parameterType()
give direct access to type information.
Ported the custom QtConnectionObject meta-object to revision 7;
revision 6 and below aren't supported (and don't compile) with Qt5.
* Target.pri:
* bridge/qt/qt_class.cpp:
(JSC::Bindings::QtClass::fallbackObject):
* bridge/qt/qt_instance.cpp:
(JSC::Bindings::QtInstance::getPropertyNames):
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::findMethodIndex):
(Bindings):
(qt_meta_stringdata_QtConnectionObject_t):
(JSC::Bindings::QtConnectionObject::qt_static_metacall):
(JSC::Bindings::QtConnectionObject::qt_metacast):
(JSC::Bindings::QtConnectionObject::qt_metacall):
(JSC::Bindings::QtConnectionObject::execute):
* bridge/qt/qt_runtime.h:
(QtConnectionObject):
* bridge/qt/qt_runtime_qt4.cpp: Copied from Source/WebCore/bridge/qt/qt_runtime.cpp.
(Bindings):
(QWKNoDebug):
(JSC::Bindings::QWKNoDebug::QWKNoDebug):
(JSC::Bindings::QWKNoDebug::~QWKNoDebug):
(JSC::Bindings::QWKNoDebug::operator<<):
(JSC::Bindings::operator<<):
(RuntimeConversion):
(JSC::Bindings::registerCustomType):
(JSC::Bindings::isJSUint8ClampedArray):
(JSC::Bindings::valueRealType):
(JSC::Bindings::convertValueToQVariantMap):
(JSC::Bindings::convertValueToQVariant):
(JSC::Bindings::convertQVariantToValue):
(JSC::Bindings::QtRuntimeMethod::QtRuntimeMethod):
(JSC::Bindings::QtRuntimeMethod::finishCreation):
(JSC::Bindings::QtRuntimeMethod::~QtRuntimeMethod):
(JSC::Bindings::QtRuntimeMethod::destroy):
(JSC::Bindings::QtRuntimeMethodData::~QtRuntimeMethodData):
(JSC::Bindings::QtRuntimeMethodData::finalize):
(JSC::Bindings::QtRuntimeMetaMethodData::~QtRuntimeMetaMethodData):
(JSC::Bindings::QtRuntimeConnectionMethodData::~QtRuntimeConnectionMethodData):
(QtMethodMatchType):
(JSC::Bindings::QtMethodMatchType::QtMethodMatchType):
(JSC::Bindings::QtMethodMatchType::kind):
(JSC::Bindings::QtMethodMatchType::isValid):
(JSC::Bindings::QtMethodMatchType::isVariant):
(JSC::Bindings::QtMethodMatchType::isMetaType):
(JSC::Bindings::QtMethodMatchType::isUnresolved):
(JSC::Bindings::QtMethodMatchType::isMetaEnum):
(JSC::Bindings::QtMethodMatchType::enumeratorIndex):
(JSC::Bindings::QtMethodMatchType::variant):
(JSC::Bindings::QtMethodMatchType::metaType):
(JSC::Bindings::QtMethodMatchType::metaEnum):
(JSC::Bindings::QtMethodMatchType::unresolved):
(JSC::Bindings::QtMethodMatchType::typeId):
(JSC::Bindings::QtMethodMatchType::name):
(QtMethodMatchData):
(JSC::Bindings::QtMethodMatchData::QtMethodMatchData):
(JSC::Bindings::QtMethodMatchData::isValid):
(JSC::Bindings::QtMethodMatchData::firstUnresolvedIndex):
(JSC::Bindings::indexOfMetaEnum):
(JSC::Bindings::findMethodIndex):
(JSC::Bindings::findSignalIndex):
(JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
(JSC::Bindings::QtRuntimeMetaMethod::finishCreation):
(JSC::Bindings::QtRuntimeMetaMethod::visitChildren):
(JSC::Bindings::QtRuntimeMetaMethod::call):
(JSC::Bindings::QtRuntimeMetaMethod::getCallData):
(JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertySlot):
(JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyDescriptor):
(JSC::Bindings::QtRuntimeMetaMethod::getOwnPropertyNames):
(JSC::Bindings::QtRuntimeMetaMethod::lengthGetter):
(JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
(JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
(JSC::Bindings::QtRuntimeConnectionMethod::QtRuntimeConnectionMethod):
(JSC::Bindings::QtRuntimeConnectionMethod::finishCreation):
(JSC::Bindings::QtRuntimeConnectionMethod::call):
(JSC::Bindings::QtRuntimeConnectionMethod::getCallData):
(JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertySlot):
(JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyDescriptor):
(JSC::Bindings::QtRuntimeConnectionMethod::getOwnPropertyNames):
(JSC::Bindings::QtRuntimeConnectionMethod::lengthGetter):
(JSC::Bindings::QtConnectionObject::QtConnectionObject):
(JSC::Bindings::QtConnectionObject::~QtConnectionObject):
(JSC::Bindings::QtConnectionObject::metaObject):
(JSC::Bindings::QtConnectionObject::qt_metacast):
(JSC::Bindings::QtConnectionObject::qt_metacall):
(JSC::Bindings::isJavaScriptFunction):
(JSC::Bindings::QtConnectionObject::execute):
(JSC::Bindings::QtConnectionObject::match):
(JSC::Bindings::QtConnectionObject::createWithInternalJSC):
(JSC::Bindings::::QtArray):
(JSC::Bindings::::~QtArray):
(JSC::Bindings::::rootObject):
(JSC::Bindings::::setValueAt):
(JSC::Bindings::::valueAt):
2012-05-04 Yury Semikhatsky <yurys@chromium.org>
Web Inspector: use single method for retrieving evaluation context in the runtime agent
https://bugs.webkit.org/show_bug.cgi?id=85621
Reviewed by Pavel Feldman.
Merged two script state retrieval methods into one. Moved Page specific logic
into PageRuntimeAgent.
* inspector/InspectorRuntimeAgent.cpp:
(WebCore::InspectorRuntimeAgent::evaluate):
* inspector/InspectorRuntimeAgent.h:
(InspectorRuntimeAgent):
* inspector/PageRuntimeAgent.cpp:
(WebCore::PageRuntimeAgent::scriptStateForEval):
* inspector/PageRuntimeAgent.h:
(PageRuntimeAgent):
* inspector/WorkerRuntimeAgent.cpp:
(WebCore::WorkerRuntimeAgent::scriptStateForEval):
* inspector/WorkerRuntimeAgent.h:
(WorkerRuntimeAgent):
2012-05-04 Jochen Eisinger <jochen@chromium.org>
Unreviewed, rolling out r115549.
http://trac.webkit.org/changeset/115549https://bugs.webkit.org/show_bug.cgi?id=83894
The newly added CRASH() statements are triggered too often
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::init):
(WebCore::FrameLoader::setupForReplace):
(WebCore::FrameLoader::stopAllLoaders):
(WebCore::FrameLoader::clearProvisionalLoad):
(WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy):
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
2012-05-04 Zoltan Horvath <zoltan@webkit.org>
[Qt] Error message fix after r116091
https://bugs.webkit.org/show_bug.cgi?id=85614
Reviewed by Alexis Menard.
No new tests : error message fix.
* WebCore.pri:
2012-05-04 Alexis Menard <alexis.menard@openbossa.org>
[Qt] Build fix when using libpng version > 1.2.
https://bugs.webkit.org/show_bug.cgi?id=85614
Reviewed by Tor Arne Vestbø.
Don't enforce the version of libpng when passing the option to the linker.
No new tests : build fix.
* WebCore.pri:
2012-05-04 Simon Hausmann <simon.hausmann@nokia.com>
[Qt] Images are scaled badly in WebKit2
https://bugs.webkit.org/show_bug.cgi?id=85610
Reviewed by Jocelyn Turcotte.
Enable smooth pixmap transforms when rendering into the GraphicsSurface image.
This class is only used in WK2.
* platform/graphics/surfaces/qt/GraphicsSurfaceQt.cpp:
(WebCore::GraphicsSurface::platformBeginPaint):
2012-05-04 Zoltan Horvath <zoltan@webkit.org>
[Qt] Remove unnecessary executeable bits after r116085
No new tests.
* Target.pri:
* WebCore.pri:
* platform/graphics/ImageSource.cpp:
* platform/graphics/ImageSource.h:
* platform/graphics/qt/ImageDecoderQt.cpp:
* platform/graphics/qt/ImageDecoderQt.h:
* platform/image-decoders/ImageDecoder.cpp:
* platform/image-decoders/ImageDecoder.h:
2012-05-04 Zoltan Horvath <zoltan@webkit.org>
[Qt] Set WebCore imagedecoders as default and add fallback to QImageDecoder
https://bugs.webkit.org/show_bug.cgi?id=80400
This change modifies the default ImageDecoder for Qt-port from QImageDecoder to WebCore ImageDecoder.
The new behavior is to use QImageDecoder only if WebCoreImageDecoder doesn't support the requested
image type.
The WTF_USE_QT_IMAGE_DECODER macro has been removed, since it is no longer needed.
This change adds build depedency for libpng-dev and libjpeg-dev packages, becuase PNG and JPEG imagedecoders
need not only these libraries, but their headers also. Qmake-config tests for these libraries were
introduced in r110045.
Reviewed by Simon Hausmann.
No new tests needed.
* Target.pri: Move WebCore ImageDecoder files out of guards. Remove ImageFrameQt.cpp from sources.
* WebCore.pri: Move WebCore ImageDecoder include paths out of guards.
* platform/MIMETypeRegistry.cpp:
(WebCore::initializeSupportedImageMIMETypes): Add WebCore supported and Qt supported MIME types.
(WebCore::initializeSupportedImageMIMETypesForEncoding): Use Qt supported MIME types.
* platform/graphics/ImageSource.cpp: Remove unnecessary includes.
* platform/graphics/ImageSource.h: Remove unnecessary typedefs.
(WebCore):
* platform/graphics/qt/ImageDecoderQt.cpp:
(WebCore::ImageDecoderQt::filenameExtension): Remove unnecessary semicolon.
(WebCore::ImageDecoderQt::internalHandleCurrentImage): Use QImage and ImageFrame instead of QPixmap.
(WebCore):
(WebCore::ImageFrame::asNewNativeImage): Moved here from removed ImageFrameQt.cpp.
* platform/image-decoders/ImageDecoder.cpp: Reorganize the includes of the header.
(WebCore::ImageDecoder::create): Add platform macro guarded fallback case for QImageDecoder.
* platform/image-decoders/ImageDecoder.h: Remove Qt-specific codes.
(WebCore::ImageFrame::getAddr): Remove Qt-specific case, since it is no longer needed.
(ImageFrame):
* platform/image-decoders/qt/ImageFrameQt.cpp: Removed. Dead code, other code has been moved to
ImageDecoderQt.cpp.
2012-05-03 Ilya Tikhonovsky <loislo@chromium.org>
Web Inspector: createRawLocationByURL is too slow if a big number of evals happen.
https://bugs.webkit.org/show_bug.cgi?id=85477
It iterates through all the _scripts even they have no url.
We can keep a separate map of scripts with url.
Reviewed by Yury Semikhatsky.
* inspector/front-end/DebuggerModel.js:
(WebInspector.DebuggerModel):
(WebInspector.DebuggerModel.prototype._globalObjectCleared):
(WebInspector.DebuggerModel.prototype._resetScriptsMap):
(WebInspector.DebuggerModel.prototype._parsedScriptSource):
(WebInspector.DebuggerModel.prototype.createRawLocationByURL):
2012-05-03 David Barr <davidbarr@chromium.org>
Antialias single-edge solid borders
https://bugs.webkit.org/show_bug.cgi?id=85031
Reviewed by Simon Fraser.
Antialiasing is avoided for adjacent edges due to artifacts at the seam.
There are no such artifacts for single-edge borders so enable antialiasing.
Test: fast/css/border-solid-single-edge-antialias.html
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::paintBorder):
2012-05-03 Adam Barth <abarth@webkit.org>
CSP: Eval isn't blocked in about:blank subframes
https://bugs.webkit.org/show_bug.cgi?id=85553
Reviewed by Eric Seidel.
ContentSecurityPolicy has a back pointer to ScriptExecutionContext.
That means we shouldn't share a single ContentSecurityPolicy object
between multiple ScriptExecutionContexts. This patch copies the state
from one ScriptExecutionContext to another rather than sharing the
ContentSecurityPolicy object itself.
This resulted in a subtle but w.r.t. blocking eval. Because we block
eval by setting a bit in the JavaScript engine when enforcing the
policy, that bit wasn't copied along with the rest of the state when we
were sharing the ContentSecurityPolicy object. Now that we use the
more robust ContentSecurityPolicy::copyStateFrom function, we don't
have that bug.
Test: http/tests/security/contentSecurityPolicy/eval-blocked-in-about-blank-iframe.html
* dom/Document.cpp:
(WebCore::Document::initSecurityContext):
(WebCore):
(WebCore::Document::initContentSecurityPolicy):
* dom/Document.h:
(Document):
* dom/SecurityContext.cpp:
(WebCore::SecurityContext::setContentSecurityPolicy):
* dom/SecurityContext.h:
(SecurityContext):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::didBeginDocument):
* page/ContentSecurityPolicy.h:
(WebCore::ContentSecurityPolicy::create):
2012-05-03 Abhishek Arya <inferno@chromium.org>
Regression(r113769): Crash in AudioNodeOutput::disconnectAllParams.
https://bugs.webkit.org/show_bug.cgi?id=85196
Reviewed by Chris Rogers.
RefPtr the AudioParam hashset in AudioNodeOutput to prevent accessing
destroyed entries.
No new tests. Unable to reproduce it in DRT.
* Modules/webaudio/AudioNodeOutput.cpp:
(WebCore::AudioNodeOutput::disconnectAllParams):
* Modules/webaudio/AudioNodeOutput.h:
(AudioNodeOutput):
2012-05-03 Noel Gordon <noel.gordon@gmail.com>
PNGImageDecoder: Clean up rowAvailable() some more
https://bugs.webkit.org/show_bug.cgi?id=85464
Reviewed by Eric Seidel.
No new tests. Covered by existing tests: fast/images/png-extra-row-crash.html in
particular.
* platform/image-decoders/png/PNGImageDecoder.cpp:
(WebCore::PNGImageDecoder::rowAvailable): Use colorChannels consistently. Split
the useful libpng comments in two, then place the early-out code and conditions
inbetween. The png variable is only used in one place so move it there.
2012-05-03 Ojan Vafai <ojan@chromium.org>
Histogram total allocated bytes in the arena in addition to the render tree size
https://bugs.webkit.org/show_bug.cgi?id=85537
Reviewed by Eric Seidel.
We only free bytes allocated to a RenderArena when destroying the Document.
Histogram both the render tree size and the total bytes allocated. This
gives a better sense of the overhead of RenderArena as well as giving a more
accurate number for the amount of actual memory used by the render tree.
No new tests. This is not webfacing, so this can't be tested without adding
API to layout test controller, which doesn't seem worth it for this code.
* page/Page.cpp:
(WebCore::Page::renderTreeSize):
(WebCore::Page::setVisibilityState):
* page/Page.h:
(Page):
* platform/Arena.cpp:
(WebCore::ArenaAllocate):
* platform/Arena.h:
(WebCore):
* rendering/RenderArena.cpp:
(WebCore::RenderArena::allocate):
* rendering/RenderArena.h:
(WebCore::RenderArena::totalRenderArenaAllocatedBytes):
(RenderArena):
2012-05-03 Mary Wu <mary.wu@torchmobile.com.cn>
[BlackBerry] Add missed member in CrossThreadResourceRequestData
https://bugs.webkit.org/show_bug.cgi?id=85448
Reviewed by Antonio Gomes.
* platform/network/blackberry/ResourceRequest.h:
(CrossThreadResourceRequestData):
* platform/network/blackberry/ResourceRequestBlackBerry.cpp:
(WebCore::ResourceRequest::doPlatformCopyData):
(WebCore::ResourceRequest::doPlatformAdopt):
2012-05-03 Adam Barth <abarth@webkit.org>
CSP shouldn't block about:blank for iframes
https://bugs.webkit.org/show_bug.cgi?id=85233
Reviewed by Eric Seidel.
As discussed at the W3C WebAppSec face-to-face meeting, there's no
point in blocking about:blank iframes or objects because blocking a
frame or object just results in displaying about:blank anyway. This
patch just removes the spurious console message and violation report.
Test: http/tests/security/contentSecurityPolicy/frame-src-about-blank-allowed-by-default.html
* page/ContentSecurityPolicy.cpp:
(WebCore::ContentSecurityPolicy::allowObjectFromSource):
(WebCore::ContentSecurityPolicy::allowChildFrameFromSource):
2012-05-03 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r116040.
http://trac.webkit.org/changeset/116040https://bugs.webkit.org/show_bug.cgi?id=85559
Broke a few IndexedDB browsertests (Requested by zhenyao on
#webkit).
* Modules/indexeddb/IDBCursor.cpp:
(WebCore::IDBCursor::direction):
* Modules/indexeddb/IDBCursor.h:
(IDBCursor):
* Modules/indexeddb/IDBCursor.idl:
* Modules/indexeddb/IDBDatabase.cpp:
(WebCore::IDBDatabase::transaction):
(WebCore):
* Modules/indexeddb/IDBDatabase.h:
* Modules/indexeddb/IDBDatabase.idl:
* Modules/indexeddb/IDBIndex.cpp:
(WebCore::IDBIndex::openCursor):
(WebCore::IDBIndex::openKeyCursor):
* Modules/indexeddb/IDBIndex.h:
(WebCore::IDBIndex::openCursor):
(WebCore::IDBIndex::openKeyCursor):
* Modules/indexeddb/IDBIndex.idl:
* Modules/indexeddb/IDBObjectStore.cpp:
(WebCore::IDBObjectStore::openCursor):
* Modules/indexeddb/IDBObjectStore.h:
(WebCore::IDBObjectStore::openCursor):
(IDBObjectStore):
* Modules/indexeddb/IDBObjectStore.idl:
* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::IDBRequest):
(WebCore::IDBRequest::readyState):
(WebCore::IDBRequest::markEarlyDeath):
(WebCore::IDBRequest::resetReadyState):
(WebCore::IDBRequest::abort):
(WebCore::IDBRequest::finishCursor):
(WebCore::IDBRequest::onSuccess):
(WebCore::IDBRequest::stop):
* Modules/indexeddb/IDBRequest.h:
* Modules/indexeddb/IDBRequest.idl:
* Modules/indexeddb/IDBTransaction.cpp:
(WebCore::IDBTransaction::mode):
* Modules/indexeddb/IDBTransaction.h:
(IDBTransaction):
* Modules/indexeddb/IDBTransaction.idl:
2012-05-03 Raphael Kubo da Costa <rakuco@webkit.org>
[CMake] Rewrite FindCairo.cmake.
https://bugs.webkit.org/show_bug.cgi?id=84895
Reviewed by Daniel Bates.
The old approach relied on pkg-config for finding Cairo (which
introduced a dependency on pkg-config that could be avoided), used
the LibFindMacros code that we should probably remove in the
future and did not use the FindPackageHandleStandardArguments
module.
Change all that by rewriting the module.
- Use the pkg-config output optionally instead of requiring it
like LibFindMacros did.
- Remove the implicit dependency on FreeType which often found it
the wrong way via pkg-config and without considering
CMAKE_PREFIX_PATH.
- Retrieve the Cairo version by looking at cairo-version.h instead
of relying on pkg-config. It requires some additional code for
checking if the desired version has been found, but that will not
be needed once we start depending on CMake 2.8.3 or later.
The only downside is that FPHSA sets <UPPERCASED_NAME>_FOUND
instead of <Name>_FOUND, and to keep things consistent
Cairo_LIBRARIES and Cairo_INCLUDE_DIRS have become CAIRO_LIBRARIES
and CAIRO_INCLUDE_DIRS.
No new tests, build system change.
* PlatformEfl.cmake: Use CAIRO_FOO instead of Cairo_FOO.
2012-05-03 Anders Carlsson <andersca@apple.com>
Focus ring only appears in top-left tile
https://bugs.webkit.org/show_bug.cgi?id=85556
<rdar://problem/11359656>
Reviewed by Simon Fraser.
It is sufficient to just apply the current CTM to the clip rect and set that as the focus ring clip rect.
* platform/graphics/mac/WebLayer.mm:
(drawLayerContents):
2012-05-03 Alec Flett <alecflett@chromium.org>
IndexedDB: Replace numeric constants with strings
https://bugs.webkit.org/show_bug.cgi?id=84894
Reviewed by Tony Chang.
Test: storage/indexeddb/legacy-constants.html
Update IDBObjectStore.openCursor, IDBIndex.openCursor,
IDBIndex.openKeyCursor, IDBDatabase.transaction,
IDBCursor.direction, IDBTransaction.mode, and
IDBRequest.readyState to meet the latest spec. All of these APIs
now support string-based values in addition to the
legacy/deprecated enum-based values.
* Modules/indexeddb/IDBCursor.cpp:
(WebCore):
(WebCore::IDBCursor::direction):
(WebCore::IDBCursor::stringToDirection):
(WebCore::IDBCursor::directionToString):
* Modules/indexeddb/IDBCursor.h:
(IDBCursor):
* Modules/indexeddb/IDBCursor.idl:
* Modules/indexeddb/IDBDatabase.cpp:
(WebCore::IDBDatabase::transaction):
(WebCore):
* Modules/indexeddb/IDBDatabase.h:
(IDBDatabase):
* Modules/indexeddb/IDBDatabase.idl:
* Modules/indexeddb/IDBIndex.cpp:
(WebCore::IDBIndex::openCursor):
(WebCore):
(WebCore::IDBIndex::openKeyCursor):
* Modules/indexeddb/IDBIndex.h:
(WebCore::IDBIndex::openCursor):
(IDBIndex):
(WebCore::IDBIndex::openKeyCursor):
* Modules/indexeddb/IDBIndex.idl:
* Modules/indexeddb/IDBObjectStore.cpp:
(WebCore::IDBObjectStore::openCursor):
(WebCore):
* Modules/indexeddb/IDBObjectStore.h:
(WebCore::IDBObjectStore::openCursor):
(IDBObjectStore):
* Modules/indexeddb/IDBObjectStore.idl:
* Modules/indexeddb/IDBRequest.cpp:
(WebCore::IDBRequest::IDBRequest):
(WebCore::IDBRequest::readyState):
(WebCore::IDBRequest::markEarlyDeath):
(WebCore::IDBRequest::resetReadyState):
(WebCore::IDBRequest::abort):
(WebCore::IDBRequest::finishCursor):
(WebCore::IDBRequest::onSuccess):
(WebCore::IDBRequest::stop):
* Modules/indexeddb/IDBRequest.h:
* Modules/indexeddb/IDBRequest.idl:
* Modules/indexeddb/IDBTransaction.cpp:
(WebCore):
(WebCore::IDBTransaction::mode):
(WebCore::IDBTransaction::stringToMode):
(WebCore::IDBTransaction::modeToString):
* Modules/indexeddb/IDBTransaction.h:
(IDBTransaction):
* Modules/indexeddb/IDBTransaction.idl:
2012-05-03 Sam Weinig <sam@webkit.org>
Add an eventPhase NONE constant
https://bugs.webkit.org/show_bug.cgi?id=85397
Reviewed by Anders Carlsson.
Updates existing tests.
* dom/Event.h:
* dom/Event.idl:
Add NONE constant.
2012-05-03 Tony Chang <tony@chromium.org>
Height overflow when nesting multiple new Flexbox'es.
https://bugs.webkit.org/show_bug.cgi?id=83572
Reviewed by Ojan Vafai.
Test: css3/flexbox/nested-stretch.html
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::computeAvailableFreeSpace):
2012-05-03 Julien Chaffraix <jchaffraix@webkit.org>
ASSERT(!m_zOrderListsDirty) is triggering in Safari
https://bugs.webkit.org/show_bug.cgi?id=85512
Reviewed by Simon Fraser.
Unfortunately no test as I don't think the 2 cases are testable reliably.
A better fix would be to introduce some iterator that handle updating the
lists for you. For now, just adding the missing updateLayerListsIfNeeded()
calls.
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::hasVisibleNonCompositingDescendantLayers):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::layerHas3DContent):
2012-05-03 Philip Rogers <pdr@google.com>
Fix numeric precision issue in SVG animations
https://bugs.webkit.org/show_bug.cgi?id=85502
Reviewed by Dirk Schulze.
r93938 had a bug where floating point numbers where compared exactly,
exposing a bug when floating point precision was not sufficient. This
change compares against an epsilon value to get around these precision
issues.
Test: svg/animations/animate-end-attribute-numeric-precision.html
* svg/animation/SVGSMILElement.cpp:
(WebCore::SVGSMILElement::calculateAnimationPercentAndRepeat):
2012-05-03 Joshua Bell <jsbell@chromium.org>
Fix coding style issues in IDBLevelDBCoding.cpp
https://bugs.webkit.org/show_bug.cgi?id=85536
Reviewed by Tony Chang.
No tests - just code formatting changes.
* Modules/indexeddb/IDBLevelDBCoding.cpp:
(WebCore::IDBLevelDBCoding::encodeIDBKey):
(WebCore::IDBLevelDBCoding::decodeIDBKey):
(WebCore::IDBLevelDBCoding::extractEncodedIDBKey):
(WebCore::IDBLevelDBCoding::compareEncodedIDBKeys):
2012-04-30 Filip Pizlo <fpizlo@apple.com>
PageCache autorelease should not wait until 3 seconds and 42 pages
https://bugs.webkit.org/show_bug.cgi?id=85254
<rdar://problem/11349613>
Reviewed by Geoffrey Garen.
No new tests, since there is no change in behavior.
* history/PageCache.cpp:
(WebCore):
(WebCore::PageCache::PageCache):
(WebCore::PageCache::releaseAutoreleasedPagesNowDueToTimer):
* history/PageCache.h:
(PageCache):
2012-05-03 Levi Weintraub <leviw@chromium.org>
Unreviewed build fix for Mac WK2. Adding a mistakenly removed symbol back to WebCore.exp.in.
* WebCore.exp.in:
2012-05-03 Levi Weintraub <leviw@chromium.org>
Unreviewed build fix for Qt after 116009. No changes in behavior.
* rendering/RenderTreeAsText.cpp:
(WebCore::RenderTreeAsText::writeRenderObject):
2012-05-03 W. James MacLean <wjmaclean@chromium.org>
[chromium] Revise touchpad fling curve to use exponential curve, to improve feel and small fling performance.
https://bugs.webkit.org/show_bug.cgi?id=85530
Reviewed by Kenneth Russell.
Existing unit tests updated for new curve.
Modifies TouchpadFLingGestureCurve to use an exponential, rather than polynomial, curve.
This change appears to improve the overall feel of touchpad fling, and substantially
improves small-fling performance.
* platform/TouchpadFlingPlatformGestureCurve.cpp:
(WebCore::TouchpadFlingPlatformGestureCurve::create):
(WebCore):
(WebCore::position):
(WebCore::velocity):
(WebCore::TouchpadFlingPlatformGestureCurve::TouchpadFlingPlatformGestureCurve):
2012-04-23 Levi Weintraub <leviw@chromium.org> and Emil A Eklund <eae@chromium.org>
[meta] Switch away from integers representing pixels for layout/event handling/rendering
https://bugs.webkit.org/show_bug.cgi?id=60318
Reviewed by Eric Seidel.
Swapping the LayoutUnit backend to FractionalLayoutUnit from int.
FractionalLayoutUnit is a new type that uses an integer to represent a fraction of a pixel.
We're also adding a feature flag -- ENABLE_SUBPIXEL_LAYOUT -- that toggles this fraction
between 1/1 and 1/60. Initially, all platforms will default to subpixel layout being off,
so FractionalLayoutUnits will effectively continue to act as integers.
With ENABLE_SUBPIXEL_LAYOUT turned on, FractionalLayoutUnits accumulate error from sub-pixel
CSS values and applied zooming, and painting uses pixel-snapping to align these values
to pixels. See http://trac.webkit.org/wiki/LayoutUnit for details.
In a number of previous patches, LayoutUnits were plumbed throughout the rendering tree
to prepare for this change. This included a number of functions in LayoutTypes.h and
the IntRect/Point/Size classes that were effectively no-ops while LayoutUnits were
integers. Subsequent patches will remove unnecessary versions of these functions; see
http://webkit.org/b/84616 for tracking these changes.
Tests: fast/sub-pixel/client-width-height-snapping.html
fast/sub-pixel/layout-boxes-with-zoom.html
fast/sub-pixel/size-of-box-with-zoom.html
* WebCore.exp.in: Updating function signatures that expose FractionalLayoutUnits.
* WebCore.xcodeproj/project.pbxproj: Adding missing FractionalLayoutPoint.h header.
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::zoomAdjustedPixelValue): Using adjustFloatForAbsoluteZoom instead of int
to make use of extra precision before returning the pixel value.
* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::computeLength): No longer rounds for imprecise conversion
when sub-pixel layout is enabled.
(WebCore::CSSPrimitiveValue::customCssText): Returning integer values for pixels.
* dom/Element.cpp:
(WebCore::adjustForLocalZoom): Using rounding instead of incrementing the value before
adjusting to account for truncation when sub-pixel layout is enabled.
* page/SpatialNavigation.cpp:
(WebCore::distanceDataForNode): Using FractionalLayoutUnit::abs instead of std::abs.
* platform/FractionalLayoutUnit.h: Adding some missing operators and a flag around the
constant denominator to switch it between 1/1 and 1/60 depending on the feature flag.
* platform/Length.h: Changing the default type for value to float, and adding intValue
since this more closely matches usage in a sub-pixel layout world.
* platform/win/PopupMenuWin.cpp:
(WebCore::PopupMenuWin::paint): Using minimumIntValueForLength in this platform code
instead of LayoutUnits.
* rendering/InlineFlowBox.cpp:
(WebCore::InlineFlowBox::placeBoxesInBlockDirection):
* rendering/LayoutTypes.h: This file contains the actual switch for changing LayoutUnits
to be FractionalLayoutUnits. Also updating stub methods with their proper implementations.
* rendering/PaintInfo.h:
(WebCore::PaintInfo::infiniteRect): Ensuring the infiniteRect doesn't overflow the
FractionalLayoutUnit bounds.
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlock::checkPaginationAndFloatsAtEndLine): Switch to
FractionalLayoutUnit's abs function instead of std::abs.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry): Add rounding for
setting the phase of the background geometry before applying modulo from the tile size.
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox): Stop applying flex when
we have less than a pixel to distribute.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::backgroundClipRect): Replace PaintInfo::infiniteRect with the
LayoutRect equivalent.
* rendering/RenderLineBoxList.cpp:
(WebCore::RenderLineBoxList::rangeIntersectsRect): Using FractionalLayoutUnit::abs
instead of std::abs.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::repaintAfterLayoutIfNeeded): Ditto.
* rendering/RenderObject.h:
(WebCore): Removing unnecessary adjustForAbsoluteZoom function.
(WebCore::RenderObject::outlineSize): Outlines remain ints.
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::styleOrColLogicalWidth): Build fix. Using floats because
colWidthSum is a Length which uses floats.
* rendering/RenderThemeChromiumSkia.cpp:
(WebCore::RenderThemeChromiumSkia::paintSearchFieldResultsButton): Explicit templatization
for max.
* rendering/RenderTreeAsText.cpp: Adding code to minimize test expectation churn. It
may be worth outputting float values in test expectations, but this isn't done with
the inline box tree yet, either.
* rendering/RenderTreeAsText.h:
(WebCore): Adding a FractionalLayoutPoint operator.
* rendering/RenderWidget.cpp:
(WebCore::RenderWidget::updateWidgetGeometry): Adding missing pixel snapping, and switching
absoluteContentBox to an IntRect, as this is what boundingBox returns.
* rendering/svg/SVGRenderTreeAsText.cpp:
(WebCore::writePositionAndStyle): Adding an enclosingIntRect for consistency with old results.
2012-05-03 Levi Weintraub <leviw@chromium.org> and Emil A Eklund <eae@chromium.org>
[meta] Switch away from integers representing pixels for layout/event handling/rendering
https://bugs.webkit.org/show_bug.cgi?id=60318
Reviewed by Eric Seidel.
Swapping the LayoutUnit backend to FractionalLayoutUnit from int.
FractionalLayoutUnit is a new type that uses an integer that can represent a fraction of a
pixel. The ENABLE_SUBPIXEL_LAYOUT feature flags toggles this fraction between 1/1 and 1/60.
Initially, all platforms will default to subpixel layout being off, so FractionalLayoutUnits
will effectively continue to act as integers.
With ENABLE_SUBPIXEL_LAYOUT turned on, FractionalLayoutUnits accumulate error from sub-pixel
CSS values and applied zooming, and painting uses pixel-snapping to align these values
to pixels and prevent unwanted anti-aliasing. See http://trac.webkit.org/wiki/LayoutUnit for
details.
In a number of previous patches, LayoutUnits were plumbed throughout the rendering tree to
prepare for this change. This included a number of functions in LayoutTypes.h and the
IntRect/Point/Size classes that were effectively no-ops while LayoutUnits were integers. See
http://webkit.org/b/60318 for the exhaustive list of changes that were done in preparation
for this. Subsequent patches will remove unnecessary versions of these functions.
http://webkit.org/b/84616 tracks these changes.
Tests: fast/sub-pixel/client-width-height-snapping.html
fast/sub-pixel/layout-boxes-with-zoom.html
fast/sub-pixel/size-of-box-with-zoom.html
* WebCore.exp.in: Updating function signatures that expose FractionalLayoutUnits.
* WebCore.order: Ditto.
* WebCore.xcodeproj/project.pbxproj: Adding missing FractionalLayoutPoint.h header.
* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::computeLength): No longer rounds for imprecise conversion
when sub-pixel layout is enabled.
* dom/Element.cpp:
(WebCore::adjustForLocalZoom): Using rounding instead of incrementing the value before
adjusting to account for truncation when sub-pixel layout is enabled.
* rendering/mathml/RenderMathMLBlock.cpp:
(WebCore): Fixing a static initializer build error by moving an integer constant to be
an int.
* rendering/LayoutTypes.h: This file contains the actual switch for changing LayoutUnits
to be FractionalLayoutUnits. Also updating stub methods with their proper implementations.
* rendering/PaintInfo.h:
(WebCore::PaintInfo::infiniteRect): Ensuring the infiniteRect doesn't overflow the
FractionalLayoutUnit bounds. LayoutRect::infiniteRect() is the largest rectangle that can
be represented using LayoutUnits.
* rendering/RenderLayer.h:
(WebCore::ClipRect::operator!=): Add overload of != to fix complaining compilers when
* rendering/RenderTreeAsText.cpp: Adding code to minimize test expectation churn. It
may be worth outputting float values in test expectations, but this isn't done with
the inline box tree yet, either.
* rendering/RenderTreeAsText.h:
(WebCore): Adding a FractionalLayoutPoint operator.
* rendering/svg/SVGRenderTreeAsText.cpp:
(WebCore::writePositionAndStyle):
(WebCore): Adding a FractionalLayoutPoint operator.
2012-05-03 Anders Carlsson <andersca@apple.com>
Move repaint counter drawing code out into a separate function
https://bugs.webkit.org/show_bug.cgi?id=85539
Reviewed by Simon Fraser.
The majority of code in TileCache::drawLayer deals with drawing the repaint counter. Move this code out
into a separate function to make it more clear what drawLayer does.
* platform/graphics/ca/mac/TileCache.h:
(TileCache):
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::drawLayer):
(WebCore::TileCache::drawRepaintCounter):
(WebCore):
2012-05-03 Simon Fraser <simon.fraser@apple.com>
Compositing 'requiresOwnBackingStore' logic caused new clip rect assertions
https://bugs.webkit.org/show_bug.cgi?id=85455
Reviewed by Dean Jackson.
r114283 added logic that allows compositing layers to avoid allocating their own
backing store and to paint into an ancestor instead. However, that caused
assertions in RenderLayer::updateClipRects() about m_clipRectsRoot being
incorrect, because clip rect code assumed that compositing layers
always painted themselves.
Fixed by calling paintsIntoCompositedAncestor() in RenderLayer::clippingRoot(),
so that clip rect computation matches painting.
I wasn't able to easily make a test that reproduces the assertion in DRT.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::clippingRoot):
2012-05-03 Tim Horton <timothy_horton@apple.com>
REGRESSION(99539): SVG <img> disregards page scale and device scale
https://bugs.webkit.org/show_bug.cgi?id=77237
<rdar://problem/10767413>
Reviewed by Simon Fraser.
Rename SVGImageCache::SizeAndZoom to SVGImageCache::SizeAndScales, as it carries more than just zoom now.
Pass the product of the device and page scales through everything that takes a SVGImageCache::SizeAndScales,
using it to inflate the size of the buffer created in lookupOrCreateBitmapImageForRenderer,
and to inflate the destination rectangle passed to SVGImage::draw, which will cause a transformation
on the context being drawn into.
Invalidate the SVGImageCache entry on device/page scale changes in addition to zoom changes.
This patch does not cause SVGImageCache to take into account scale caused by CSS transforms; that is tracked
separately by https://bugs.webkit.org/show_bug.cgi?id=85335.
Tests: svg/as-image/image-respects-deviceScaleFactor.html
svg/as-image/image-respects-pageScaleFactor.html
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::setContainerSizeForRenderer):
(WebCore::CachedImage::imageSizeForRenderer):
* svg/graphics/SVGImage.cpp:
(WebCore::SVGImage::drawSVGToImageBuffer):
* svg/graphics/SVGImage.h:
* svg/graphics/SVGImageCache.cpp:
(WebCore::SVGImageCache::~SVGImageCache):
(WebCore::SVGImageCache::removeRendererFromCache):
(WebCore::SVGImageCache::setRequestedSizeAndScales):
(WebCore::SVGImageCache::requestedSizeAndScales):
(WebCore::SVGImageCache::redraw):
(WebCore::SVGImageCache::lookupOrCreateBitmapImageForRenderer):
* svg/graphics/SVGImageCache.h:
(WebCore::SVGImageCache::SizeAndScales::SizeAndScales):
(SizeAndScales):
(SVGImageCache):
(WebCore::SVGImageCache::ImageData::ImageData):
(ImageData):
2012-05-03 Fady Samuel <fsamuel@chromium.org>
Removing line in computeViewportAttributes that enforces a minimum scale factor to never allow zooming out more than viewport
https://bugs.webkit.org/show_bug.cgi?id=70609
Reviewed by Kenneth Rohde Christiansen.
Make Viewport Attributes' layoutSize be a FloatRect to avoid rounding
too early, and the occasional off by one fixed layout dimensions.
* dom/ViewportArguments.cpp:
(WebCore::computeViewportAttributes):
* dom/ViewportArguments.h:
(ViewportAttributes):
2012-05-03 Joshua Bell <jsbell@chromium.org>
IndexedDB: Handle generated keys up to 2^53
https://bugs.webkit.org/show_bug.cgi?id=85114
The spec defines the behavior for generated keys up to 2^53
(the maximum integer storable as an ECMAScript number) and
the error case when going beyond that. Ensure that we can
handle values up to that point and generate errors beyond.
Reviewed by Tony Chang.
Test: storage/indexeddb/key-generator.html
* Modules/indexeddb/IDBBackingStore.h:
(IDBBackingStore):
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore::IDBLevelDBBackingStore::nextAutoIncrementNumber):
* Modules/indexeddb/IDBLevelDBBackingStore.h:
(IDBLevelDBBackingStore):
* Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
(WebCore::IDBObjectStoreBackendImpl::putInternal):
(WebCore::IDBObjectStoreBackendImpl::genAutoIncrementKey):
* Modules/indexeddb/IDBObjectStoreBackendImpl.h:
(IDBObjectStoreBackendImpl):
2012-05-03 Simon Fraser <simon.fraser@apple.com>
Remove RenderLayerCompositor::didStartAcceleratedAnimation()
https://bugs.webkit.org/show_bug.cgi?id=85514
Reviewed by Antti Koivisto.
Remove RenderLayerCompositor::didStartAcceleratedAnimation(), which is no longer
needed.
Code removal, no new tests.
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::startAnimation):
(WebCore::RenderLayerBacking::startTransition):
* rendering/RenderLayerCompositor.cpp:
* rendering/RenderLayerCompositor.h:
2012-05-03 Andreas Kling <kling@webkit.org>
REGRESSION(r111387): CSSOM representation of 'background-image' values should be CSSPrimitiveValue.
<http://webkit.org/b/85500>
Reviewed by Antti Koivisto.
Use the cloneForCSSOM() mechanism in CSSValue to expose CSSImageValue to bindings as a URI
primitive value. This matches the specced behavior of computed image values, and restores our
previous behavior without having CSSImageValue subclass CSSPrimitiveValue.
Also added a failsafe return after the isCSSOMSafe() assertion in the JSC bindings, since it's
better to expose an incorrect return value than an insecurely shared one, should we have or add
bugs in this code.
* bindings/js/JSCSSValueCustom.cpp:
(WebCore::toJS):
* css/CSSImageValue.cpp:
(WebCore::CSSImageValue::cloneForCSSOM):
* css/CSSImageValue.h:
* css/CSSValue.cpp:
(WebCore::CSSValue::cloneForCSSOM):
2012-05-03 Keishi Hattori <keishi@webkit.org>
Crash in HTMLFormControlElement::m_fieldSetAncestor
https://bugs.webkit.org/show_bug.cgi?id=85453
Reviewed by Kent Tamura.
Modified tests: fast/forms/datalist/datalist-child-validation.html
fast/forms/form-control-element-crash.html
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::removedFrom): Only set the invalid ancestor flag.
The element will be detached from the document so there is no need to update the style.
And the validation message will be hidden by the blur event.
(WebCore::HTMLFormControlElement::willValidate): Because of the change to removedFrom,
m_ancestorsValid may be false.
2012-05-03 Simon Fraser <simon.fraser@apple.com>
Keep overlap testing for compositing on pages with 3d transforms when possible
https://bugs.webkit.org/show_bug.cgi?id=62487
Reviewed by Antti Koivisto.
Change RenderLayerCompositor to always use overlap testing when possible.
Rather than turn off overlap testing wholesale when encountering a non-affine
transform, or starting an accelerated transform animation, we constrain
the disabling of overlap testing to within overflow:hidden areas when possible.
Tests: compositing/layer-creation/overlap-animation.html
compositing/layer-creation/overlap-transforms.html
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::setCompositedBounds): Whitespace fix.
* rendering/RenderLayerCompositor.cpp:
(WebCore::CompositingState::CompositingState):
(CompositingState): Add a member boolean to track whether we're testing overlap. Add a copy
constructor.
(WebCore::RenderLayerCompositor::updateCompositingLayers): Initialize the 'testing overlap'
setting based on m_compositingConsultsOverlap (though this will always be true until removed
in a future commit).
(WebCore::RenderLayerCompositor::updateBacking): No longer turn off overlap testing
when we see a non-affine transform.
(WebCore::RenderLayerCompositor::computeCompositingRequirements): No need for the 'struct'
in the arguments.
Consult compositingState.m_testingOverlap to see if we want to test overlap.
Use the new CompositingState copy ctor for childState, but set m_subtreeIsCompositing to false
as before.
If this layer is composited, look to see if need to disable over lap testing based on
the transform or an animation.
Just as we propagate m_subtreeIsCompositing, we have to propagate m_testingOverlap=false
for the rest of the traverse.
If we've just processed a layer which clips compositing descendants, we can go back
to testing for overlap.
(WebCore::RenderLayerCompositor::didStartAcceleratedAnimation): No need to do anything
here now. It will be removed in future.
(WebCore::RenderLayerCompositor::hasNonAffineTransform): No longer check
perspective here, since that doesn't affect whether _this_ layer should disable
overlap testing. Checking for a non-affine transform is sufficient.
(WebCore::RenderLayerCompositor::isRunningAcceleratedTransformAnimation):
New method to check if AnimationController is running a transform animation.
* rendering/RenderLayerCompositor.h:
(RenderLayerCompositor):
2012-05-03 Chris Fleizach <cfleizach@apple.com>
accessibility/misspelled-attributed-string.html test sometimes throws exceptions
https://bugs.webkit.org/show_bug.cgi?id=85081
Reviewed by Darin Adler.
Add in more range checking in case we get back ranges from spell checking that are wrong.
* accessibility/mac/WebAccessibilityObjectWrapper.mm:
(AXAttributeStringSetFont):
(AXAttributeStringSetColor):
(AXAttributeStringSetNumber):
(AXAttributeStringSetBlockquoteLevel):
(AXAttributeStringSetHeadingLevel):
(AXAttributeStringSetElement):
2012-05-03 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: move canonical mime type calculation to Resource
https://bugs.webkit.org/show_bug.cgi?id=85507
Reviewed by Yury Semikhatsky.
Drive-by: small refactoring that prepares code for formatter extraction.
* inspector/front-end/BreakpointsSidebarPane.js:
* inspector/front-end/DebuggerModel.js:
(WebInspector.DebuggerModel.prototype.createLiveLocation):
(WebInspector.DebuggerModel.prototype.rawLocationToUILocation):
* inspector/front-end/DebuggerPresentationModel.js:
(WebInspector.DebuggerPresentationModelResourceBinding.prototype._uiSourceCodeForResource):
* inspector/front-end/NetworkManager.js:
(WebInspector.NetworkDispatcher.prototype._createNetworkRequest):
(get WebInspector):
* inspector/front-end/Resource.js:
(WebInspector.Resource.prototype.requestContent):
(WebInspector.Resource.prototype.canonicalMimeType):
(WebInspector.Resource.prototype._innerRequestContent.callback):
(WebInspector.Resource.prototype._innerRequestContent):
* inspector/front-end/ResourceView.js:
(WebInspector.ResourceSourceFrame.prototype.requestContent):
(WebInspector.ResourceSourceFrame.prototype._contentChanged):
2012-05-03 Yury Semikhatsky <yurys@chromium.org>
Web Inspector: 'expires' value is incorrect for cookies
https://bugs.webkit.org/show_bug.cgi?id=85489
Reviewed by Pavel Feldman.
Fixed cookie 'expires' property type from integer to number so that
we don't lose precision when assembling Cookie parameter in InspectorResourceAgent.
* inspector/Inspector.json:
2012-05-03 Dan Bernstein <mitz@apple.com>
highlight for Ruby text is mispositioned in the Web Inspector
https://bugs.webkit.org/show_bug.cgi?id=82684
Reviewed by Simon Fraser.
Tests: fast/writing-mode/flipped-blocks-inline-map-local-to-container-expected.html
fast/writing-mode/flipped-blocks-inline-map-local-to-container.html
In flipped blocks writing modes, flipping was being applied twice to box descendants of
inline children of the flipped block, once during RenderBox::mapLocalToContainer, and then
again by RenderInline::mapLocalToContainer. The fix is to make the latter only apply the
flip to local coordinates originating in the inline or a descendant inline. This is done
by adding a parameter of type ApplyContainerFlipOrNot, which defaults to ApplyContainerFlip
but is reset to DoNotApplyContainerFlip in recursive calls into mapLocalToContainer().
* rendering/RenderBox.cpp:
(WebCore::RenderBox::mapLocalToContainer): Added ApplyContainerFlipOrNot parameter, passing
DoNotApplyContainerFlip when recursing into the container.
* rendering/RenderBox.h:
* rendering/RenderInline.cpp:
(WebCore::RenderInline::mapLocalToContainer): Added ApplyContainerFlipOrNot paramerer, and
made the flipping conditional on its value.
* rendering/RenderInline.h:
* rendering/RenderObject.cpp:
(WebCore::RenderObject::mapLocalToContainer): Added ApplyContainerFlipOrNot parameter,
passing DoNotApplyContainerFlip when recursing into the container.
(WebCore::RenderObject::localToContainerQuad): Pass ApplyContainerFlip.
(WebCore::RenderObject::localToContainerPoint): Ditto.
* rendering/RenderObject.h:
* rendering/RenderView.cpp:
(WebCore::RenderView::mapLocalToContainer): Added ApplyContainerFlipOrNot parameter.
* rendering/RenderView.h:
* rendering/svg/RenderSVGForeignObject.cpp:
(WebCore::RenderSVGForeignObject::mapLocalToContainer): Ditto.
* rendering/svg/RenderSVGForeignObject.h:
* rendering/svg/RenderSVGInline.cpp:
(WebCore::RenderSVGInline::mapLocalToContainer): Ditto.
* rendering/svg/RenderSVGInline.h:
* rendering/svg/RenderSVGModelObject.cpp:
(WebCore::RenderSVGModelObject::mapLocalToContainer): Ditto.
* rendering/svg/RenderSVGModelObject.h:
* rendering/svg/RenderSVGRoot.cpp:
(WebCore::RenderSVGRoot::mapLocalToContainer): Ditto.
* rendering/svg/RenderSVGRoot.h:
* rendering/svg/RenderSVGText.cpp:
(WebCore::RenderSVGText::mapLocalToContainer): Ditto.
* rendering/svg/RenderSVGText.h:
* rendering/svg/SVGRenderSupport.cpp:
(WebCore::SVGRenderSupport::mapLocalToContainer): Pass DoNotApplyContainerFlip when
recursing into the parent.
2012-05-03 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: make Script a ContentProvider.
https://bugs.webkit.org/show_bug.cgi?id=85486
Reviewed by Yury Semikhatsky.
This allows us to get rid of the corresponding content provider wrapper.
* inspector/front-end/ContentProviders.js:
* inspector/front-end/RawSourceCode.js:
(WebInspector.RawSourceCode.prototype._createContentProvider):
* inspector/front-end/Script.js:
(WebInspector.Script.prototype.contentURL):
(WebInspector.Script.prototype.requestContent.didGetScriptSource):
(WebInspector.Script.prototype.requestContent):
* inspector/front-end/SnippetsModel.js:
(WebInspector.SnippetsScriptMapping.prototype._createUISourceCodeForScript):
2012-05-03 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
Remove extra checks for empty string when parsing CSS value
https://bugs.webkit.org/show_bug.cgi?id=85480
Reviewed by Alexis Menard.
Each parse value helper function was checking whether the value string was empty. For the
common case this check is already done by StylePropertySet::setProperty(). So this patch
make CSSParser::parseValue() assume the value string is not empty, and fix the other two
clients.
Test: fast/html/font-face-empty-should-not-crash.html
* css/CSSParser.cpp:
(WebCore::parseColorValue): Replace the string empty check by an ASSERT() to document
function's expectations.
(WebCore::parseSimpleLengthValue): Ditto.
(WebCore::parseKeywordValue): Ditto.
(WebCore::CSSParser::parseFontFaceValue): This will be covered by the added test.
(WebCore::CSSParser::parseValue):
* css/WebKitCSSMatrix.cpp:
(WebCore::WebKitCSSMatrix::setMatrixValue): This is already covered by
transforms/cssmatrix-2d-interface.xhtml.
2012-05-03 Arpita Bahuguna <arpitabahuguna@gmail.com>
Broken handling of pseudo-elements in selectors API
https://bugs.webkit.org/show_bug.cgi?id=83446
Reviewed by Antti Koivisto.
Test: fast/dom/Window/querySelectorAll-with-pseudo-elements.html
* css/SelectorChecker.cpp:
(WebCore::SelectorChecker::SelectorChecker):
Setting the default value for the enum member m_mode to ResolvingStyle.
(WebCore::SelectorChecker::checkSelector):
Instead of verifying against the bool m_isCollectingRulesOnly, we now check whether or not
m_mode is set to ResolvingStyle.
(WebCore::SelectorChecker::checkOneSelector):
Instead of verifying against the bool m_isCollectingRulesOnly, we now check whether or not
m_mode is set to ResolvingStyle. Also, for the pseudo-elements case we check if its
value is set to QueryingRules in which case we return false.
* css/SelectorChecker.h:
(WebCore::SelectorChecker::mode):
Returns the mode (m_mode) value.
(WebCore::SelectorChecker::setMode):
Sets the mode (m_mode) to the passed enum value.
* css/StyleResolver.cpp:
(WebCore::StyleResolver::sortAndTransferMatchedRules):
(WebCore::StyleResolver::collectMatchingRulesForList):
Retrieves SelectorChecker's mode value.
* dom/SelectorQuery.cpp:
(WebCore::SelectorQuery::SelectorQuery):
Sets SelectorChecker's mode to QueryingRules.
* html/shadow/ContentSelectorQuery.cpp:
(WebCore::ContentSelectorQuery::ContentSelectorQuery):
Sets SelectorChecker's mode to CollectingRules.
2012-05-03 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: EXC_BAD_ACCESS in DOM breakpoint processing code.
https://bugs.webkit.org/show_bug.cgi?id=85482
Reviewed by Yury Semikhatsky.
0 check added since we are guaranteed to get immediate parent, but not the whole ancestor tree.
* inspector/InspectorDOMDebuggerAgent.cpp:
(WebCore::InspectorDOMDebuggerAgent::descriptionForDOMEvent):
2012-05-03 Ilya Tikhonovsky <loislo@chromium.org>
Web Inspector: compile time ambiguity happens when I try to assign a TypeBuilder object to an out argument.
https://bugs.webkit.org/show_bug.cgi?id=85462
It happens because we have type casting operators for both types RefPtr<*Type*> and PassRefPtr<*Type*>.
I think we can drop PassRefPtr type casting operator and use a named function 'release'.
Reviewed by Yury Semikhatsky.
* inspector/CodeGeneratorInspector.py:
* inspector/ContentSearchUtils.cpp:
(WebCore::ContentSearchUtils::buildObjectForSearchMatch):
* inspector/InspectorApplicationCacheAgent.cpp:
(WebCore::InspectorApplicationCacheAgent::buildObjectForApplicationCache):
* inspector/InspectorPageAgent.cpp:
(WebCore::buildObjectForCookie):
(WebCore::buildObjectForSearchResult):
* inspector/InspectorResourceAgent.cpp:
(WebCore::buildObjectForTiming):
(WebCore::InspectorResourceAgent::buildInitiatorObject):
* inspector/ScriptCallFrame.cpp:
(WebCore::ScriptCallFrame::buildInspectorObject):
2012-05-03 Yury Semikhatsky <yurys@chromium.org>
Web Inspector: crash in InspectorResourceAgent::didReceiveWebSocketFrame
https://bugs.webkit.org/show_bug.cgi?id=85394
Reviewed by Pavel Feldman.
Pass string length explicitely when creating String object from non-null-terminated
char* strings.
* inspector/InspectorResourceAgent.cpp:
(WebCore):
(WebCore::InspectorResourceAgent::didReceiveWebSocketFrame):
(WebCore::InspectorResourceAgent::didSendWebSocketFrame):
2012-05-03 'Pavel Feldman' <pfeldman@chromium.org>
Not reviewed: never surround InspectorInstrumentation:: with ENABLED(INSPECTOR)
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::insertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::appendChild):
(WebCore::dispatchChildRemovalEvents):
2012-04-30 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: migrate breakpoint manager to live locations.
https://bugs.webkit.org/show_bug.cgi?id=85136
Reviewed by Yury Semikhatsky.
- Merges Breakpoint and UIBreakpoint to have single instance
- Extracts storage from the breakpoint manager
- Makes breakpoint manager use source mapping from the script, not the presentation model
- Removes breakpoints collection from the UISourceCode
Unfortunately, there are too many inter-dependencies that require that these changes are done simultaneously.
* inspector/front-end/BreakpointManager.js:
(WebInspector.BreakpointManager):
(WebInspector.BreakpointManager.prototype.setBreakpoint):
(WebInspector.BreakpointManager.prototype.breakpoint):
(WebInspector.BreakpointManager.prototype.breakpointLocationsForUISourceCode):
(WebInspector.BreakpointManager.prototype.removeAllBreakpoints):
(WebInspector.BreakpointManager.prototype.reset):
(WebInspector.BreakpointManager.prototype.debuggerReset):
(WebInspector.BreakpointManager.prototype._breakpointResolved):
(WebInspector.BreakpointManager.prototype._removeBreakpoint):
(WebInspector.BreakpointManager.prototype._uiLocationAdded):
(WebInspector.BreakpointManager.prototype._uiLocationRemoved):
(WebInspector.BreakpointManager.prototype.storage):
(WebInspector.BreakpointManager.Breakpoint):
(WebInspector.BreakpointManager.Breakpoint.prototype.primaryUILocation):
(WebInspector.BreakpointManager.Breakpoint.prototype._addResolvedLocation):
(WebInspector.BreakpointManager.Breakpoint.prototype.enabled):
(WebInspector.BreakpointManager.Breakpoint.prototype.setEnabled):
(WebInspector.BreakpointManager.Breakpoint.prototype.condition):
(WebInspector.BreakpointManager.Breakpoint.prototype.setCondition):
(WebInspector.BreakpointManager.Breakpoint.prototype._updateBreakpoint):
(WebInspector.BreakpointManager.Breakpoint.prototype.remove):
(WebInspector.BreakpointManager.Breakpoint.prototype._setInDebugger.didSetBreakpoint):
(WebInspector.BreakpointManager.Breakpoint.prototype._setInDebugger):
(WebInspector.BreakpointManager.Breakpoint.prototype._removeFromDebugger):
(WebInspector.BreakpointManager.Breakpoint.prototype._resetLocations):
(WebInspector.BreakpointManager.Breakpoint.prototype._breakpointStorageId):
(WebInspector.BreakpointManager.Breakpoint.prototype._fakeBreakpointAtPrimaryLocation):
(WebInspector.BreakpointManager.Storage.get this):
(WebInspector.BreakpointManager.Storage):
(WebInspector.BreakpointManager.Storage.prototype.restoreBreakpoints):
(WebInspector.BreakpointManager.Storage.prototype._updateBreakpoint):
(WebInspector.BreakpointManager.Storage.prototype._removeBreakpoint):
(WebInspector.BreakpointManager.Storage.prototype._save):
(set WebInspector.BreakpointManager.Storage.Item):
* inspector/front-end/BreakpointsSidebarPane.js:
(WebInspector.JavaScriptBreakpointsSidebarPane):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointAdded.didRequestContent):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointAdded):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointRemoved):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype.highlightBreakpoint):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype._createBreakpointItemId):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointClicked):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointCheckboxClicked):
(WebInspector.JavaScriptBreakpointsSidebarPane.prototype._breakpointContextMenu):
* inspector/front-end/DebuggerModel.js:
(WebInspector.DebuggerModel):
(WebInspector.DebuggerModel.prototype.breakpointsActive):
(WebInspector.DebuggerModel.prototype.createLiveLocation):
* inspector/front-end/DebuggerPresentationModel.js:
(WebInspector.DebuggerPresentationModel.prototype._handleUISourceCodeListChanged):
(WebInspector.DebuggerPresentationModelResourceBinding.prototype._setContentWithInitialContent):
* inspector/front-end/JavaScriptSource.js:
(WebInspector.JavaScriptSource):
(WebInspector.JavaScriptSource.prototype.consoleMessagesCleared):
* inspector/front-end/JavaScriptSourceFrame.js:
(WebInspector.JavaScriptSourceFrame):
(WebInspector.JavaScriptSourceFrame.prototype.canEditSource):
(WebInspector.JavaScriptSourceFrame.prototype.editContent):
(WebInspector.JavaScriptSourceFrame.prototype._onContentChanged):
(WebInspector.JavaScriptSourceFrame.prototype.populateLineGutterContextMenu):
(WebInspector.JavaScriptSourceFrame.prototype.beforeTextChanged):
(WebInspector.JavaScriptSourceFrame.prototype.didEditContent):
(WebInspector.JavaScriptSourceFrame.prototype._addBreakpointDecoration):
(WebInspector.JavaScriptSourceFrame.prototype._onMouseDown):
(WebInspector.JavaScriptSourceFrame.prototype._editBreakpointCondition.finishEditing):
(WebInspector.JavaScriptSourceFrame.prototype._editBreakpointCondition):
(WebInspector.JavaScriptSourceFrame.prototype._breakpointAdded):
(WebInspector.JavaScriptSourceFrame.prototype._breakpointRemoved):
(WebInspector.JavaScriptSourceFrame.prototype.onTextViewerContentLoaded):
(WebInspector.JavaScriptSourceFrame.prototype._setBreakpoint):
(WebInspector.JavaScriptSourceFrame.prototype._continueToLine):
(WebInspector.JavaScriptSourceFrame.prototype._updateBreakpointsAfterLiveEdit):
* inspector/front-end/Script.js:
(WebInspector.Script.prototype.rawLocationToUILocation):
* inspector/front-end/ScriptsPanel.js:
(WebInspector.ScriptsPanel.prototype._uiSourceCodeAdded):
(WebInspector.ScriptsPanel.prototype._uiSourceCodeRemoved):
(WebInspector.ScriptsPanel.prototype._debuggerPaused.else.didGetUILocation):
(WebInspector.ScriptsPanel.prototype._debuggerPaused):
(WebInspector.ScriptsPanel.prototype._uiSourceCodeReplaced):
* inspector/front-end/UISourceCode.js:
(WebInspector.UISourceCode.prototype.contentChanged):
2012-05-03 Andrey Kosyakov <caseq@chromium.org>
Unreviewed attemp to fix chromium win build broken at r115943.
* notifications/NotificationClient.h:
(WebCore):
2012-05-03 Vivek Galatage <vivekgalatage@gmail.com>
Linker warnings due to duplicate symbols for SimplifyMarkupCommand.cpp on Windows
https://bugs.webkit.org/show_bug.cgi?id=85467
Reviewed by Ryosuke Niwa.
Removed the multiple inclusion of the file SimplifyMarkupCommand.cpp
No new tests required.
* WebCore.vcproj/WebCore.vcproj:
2012-05-03 Uday Kiran <udaykiran@motorola.com>
CSS clip: auto clips to box borders instead of removing clipping
https://bugs.webkit.org/show_bug.cgi?id=36772
Reviewed by Andreas Kling.
According to CSS 2.1 spec, http://www.w3.org/TR/CSS2/visufx.html#propdef-clip,
clip property with value 'auto' the element does not clip.
Also getPropertyValue for clip when auto is specified should return "auto"
and not "rect(0px 0px 0px 0px)".
Tests: css2.1/20110323/clip-001-expected.html
css2.1/20110323/clip-001.html
* css/StyleBuilder.cpp:
(WebCore::ApplyPropertyClip::applyValue):
2012-05-02 Antti Koivisto <antti@apple.com>
Add temporary feature define for parsed stylesheet caching
https://bugs.webkit.org/show_bug.cgi?id=85413
Rubber-stamped by Nikolas Zimmermann.
While not an externally visible feature this is still a significant internal change.
It is good to have define in case someone has an urgent need to turn it off.
Caching is enabled by default on all platforms. The define should be removed after some bake time.
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::setCSSStyleSheet):
2012-05-03 Nikolas Zimmermann <nzimmermann@rim.com>
Accumulation for values-animation is broken
https://bugs.webkit.org/show_bug.cgi?id=85158
Reviewed by Zoltan Herczeg.
Follow-up patch: Add const Foo& foo() const accessors to SVGAnimatedType,
to avoid the "Foo& foo = animated->foo()" idiom in all cases where we
don't need to mutate 'foo'. Use "const Foo& foo = animated->foo()" instead.
Inline all of these methods to avoid the function call overhead.
For to-animations we actually mutated the from value before, but it wasn't a
problem in practive, as we did that on every animation step. Fully avoid these
inconsitencies by never mutating the from/to types stored in SVGAnimateElement.
Cache toAtEndOfDurationType just like m_toType/m_fromType in SVGAnimateElement,
to avoid reconstructing it on every animation step.
No new tests, only design/performance fixes.
* svg/SVGAnimateElement.cpp:
(WebCore::SVGAnimateElement::calculateAnimatedValue):
(WebCore::SVGAnimateElement::calculateToAtEndOfDurationValue):
(WebCore::SVGAnimateElement::targetElementWillChange):
* svg/SVGAnimateElement.h:
(SVGAnimateElement):
* svg/SVGAnimateMotionElement.cpp:
(WebCore::SVGAnimateMotionElement::SVGAnimateMotionElement):
(WebCore::SVGAnimateMotionElement::calculateToAtEndOfDurationValue):
(WebCore::SVGAnimateMotionElement::calculateFromAndToValues):
(WebCore::SVGAnimateMotionElement::calculateFromAndByValues):
(WebCore::SVGAnimateMotionElement::calculateAnimatedValue):
* svg/SVGAnimateMotionElement.h:
(SVGAnimateMotionElement):
* svg/SVGAnimatedAngle.cpp:
(WebCore::SVGAnimatedAngleAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue):
* svg/SVGAnimatedBoolean.cpp:
(WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue):
* svg/SVGAnimatedColor.cpp:
(WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue):
* svg/SVGAnimatedEnumeration.cpp:
(WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue):
* svg/SVGAnimatedInteger.cpp:
(WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedIntegerOptionalInteger.cpp:
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLength.cpp:
(WebCore::SVGAnimatedLengthAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLengthList.cpp:
(WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumber.cpp:
(WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberOptionalNumber.cpp:
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPath.cpp:
(WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPointList.cpp:
(WebCore::SVGAnimatedPointListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPreserveAspectRatio.cpp:
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue):
* svg/SVGAnimatedRect.cpp:
(WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue):
* svg/SVGAnimatedString.cpp:
(WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue):
* svg/SVGAnimatedTransformList.cpp:
(WebCore::SVGAnimatedTransformListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedType.cpp:
* svg/SVGAnimatedType.h:
(WebCore::SVGAnimatedType::angleAndEnumeration):
(SVGAnimatedType):
(WebCore::SVGAnimatedType::boolean):
(WebCore::SVGAnimatedType::color):
(WebCore::SVGAnimatedType::enumeration):
(WebCore::SVGAnimatedType::integer):
(WebCore::SVGAnimatedType::integerOptionalInteger):
(WebCore::SVGAnimatedType::length):
(WebCore::SVGAnimatedType::lengthList):
(WebCore::SVGAnimatedType::number):
(WebCore::SVGAnimatedType::numberList):
(WebCore::SVGAnimatedType::numberOptionalNumber):
(WebCore::SVGAnimatedType::path):
(WebCore::SVGAnimatedType::pointList):
(WebCore::SVGAnimatedType::preserveAspectRatio):
(WebCore::SVGAnimatedType::rect):
(WebCore::SVGAnimatedType::string):
(WebCore::SVGAnimatedType::transformList):
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::currentValuesForValuesAnimation):
(WebCore::SVGAnimationElement::startedActiveInterval):
(WebCore::SVGAnimationElement::updateAnimation):
* svg/SVGAnimationElement.h:
(WebCore::SVGAnimationElement::adjustFromToListValues):
(WebCore::SVGAnimationElement::animateDiscreteType):
(SVGAnimationElement):
2012-05-02 Alexander Færøy <ahf@0x90.dk>
Rename deviceDPI to devicePixelRatio
https://bugs.webkit.org/show_bug.cgi?id=85049
Reviewed by Kenneth Rohde Christiansen.
No new tests added since this is a minor refactoring with no changes
that should affect tests.
* page/Settings.cpp:
(WebCore::Settings::Settings):
* page/Settings.h:
(WebCore::Settings::setDevicePixelRatio):
(WebCore::Settings::devicePixelRatio):
(Settings):
2012-05-03 Nikolas Zimmermann <nzimmermann@rim.com>
Fix multiple begin values support - especially with seeking through setCurrentTime
https://bugs.webkit.org/show_bug.cgi?id=85372
Reviewed by Zoltan Herczeg.
Multiple begin values aka. begin="0s; 2s" aren't correctly handled - resulting in broken & unexpected behavior.
Supporting seeking properly on documents containing such animations is very important, otherwise we can't reliable
test animations using either reftests or the SVG JS animation test framework.
Testcase:
<rect height="100" fill="green">
<animate attributeName="width" begin="0s; 2s" dur="8s" from="0" to="100" fill="freeze"/>
</rect>
What's expected?
Two times should be contained in the 'begin' times list in SVGSMILElement: m_beginTimes = { 0s, 2s }.
The initial first resolved interval is: m_intervalBegin=0.0s, m_intervalEnd=8.0s.
During t=0s..1.9999s the m_intervalBegin/m_intervalEnd are correct.
At t=2s, a new interval can be started. m_intervalEnd should be set to nextBeginTime, where nextBeginTime=2s.
The current interval should get cropped to: m_intervalBegin=0s, m_intervalEnd=2s. The following call to
resolveNextInterval() sees that elapsed >= m_intervalEnd, and thus moves on to the next interval.
m_intervalBegin should be 2s and m_intervalEnd=10s after that.
In trunk this behavior is only partly implemented and broken. Especially broken together with seeking via SVGSVGElement.setCurrentTime.
That's because we don't correctly seek to the right interval in case of multiple begin values, eg. if we sample an animation with
begin="0s; 3s" dur="6s" we always remain in the first interval and don't move on.
Fix all of these issues, making lots more tests work in Dr. Olaf Hofmanns SVG Animation test suite.
Tests: svg/animations/multiple-begin-additive-animation.html
svg/animations/multiple-begin-animation-discrete-expected.svg
svg/animations/multiple-begin-animation-discrete.svg
svg/animations/multiple-begin-animation-expected.svg
svg/animations/multiple-begin-animation.svg
* svg/animation/SMILTimeContainer.cpp:
(WebCore::SMILTimeContainer::begin):
(WebCore::SMILTimeContainer::setElapsed):
(WebCore::SMILTimeContainer::updateAnimations):
* svg/animation/SMILTimeContainer.h:
(SMILTimeContainer):
* svg/animation/SVGSMILElement.cpp:
(WebCore::SVGSMILElement::findInstanceTime):
(WebCore::SVGSMILElement::resolveInterval):
(WebCore::SVGSMILElement::resolveNextInterval):
(WebCore):
(WebCore::SVGSMILElement::checkRestart):
(WebCore::SVGSMILElement::seekToIntervalCorrespondingToTime):
(WebCore::SVGSMILElement::progress):
* svg/animation/SVGSMILElement.h:
(SVGSMILElement):
2012-05-03 Dana Jansens <danakj@chromium.org>
[chromium] Don't add small opaque areas to the occlusion tracker's Region
https://bugs.webkit.org/show_bug.cgi?id=85297
Reviewed by Adrienne Walker.
Don't add small opaque areas (smaller than 160x160) to the occlusion
tracker's Region objects to avoid high Region::unite() costs.
We would like Region to just be fast enough that this isn't a concern,
and there are patches in flight to do this, but at the moment, small
opaque areas add significant cost if there is many of them, for
potentially small gains since they do not cover entire tiles.
Comments in http://code.google.com/p/chromium/issues/detail?id=124687
motivate this approach for now, and point to around 160x160 being
a reasonable threshold.
Removes the opaque paint tracking flag while we're here. The flag is
no longer used, and was broken when we moved the "paint vs opaque
flag" distinction out to the layers.
Unit test: CCOcclusionTrackerTestMinimumTrackingSize
* platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
(WebCore::CCLayerTreeHost::paintLayerContents):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
(WebCore::CCLayerTreeHostImpl::calculateRenderPasses):
* platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
(WebCore::::CCOcclusionTrackerBase):
(WebCore::addOcclusionBehindLayer):
(WebCore::::markOccludedBehindLayer):
* platform/graphics/chromium/cc/CCOcclusionTracker.h:
(WebCore::CCOcclusionTrackerBase::setMinimumTrackingSize):
(CCOcclusionTrackerBase):
(WebCore::CCOcclusionTrackerBase::preferredMinimumTrackingSize):
2012-05-02 Jon Lee <jonlee@apple.com>
Migrate permission functions to Notification from NotificationCenter
https://bugs.webkit.org/show_bug.cgi?id=80485
<rdar://problem/10965458>
Reviewed by Jian Li.
* notifications/Notification.idl: Add permission functions.
* notifications/DOMWindowNotifications.idl: Wrap webkitNotifications as part of legacy API.
* notifications/Notification.cpp: New permission functions are wrapped with ENABLE(NOTIFICATIONS)
(WebCore::Notification::taskTimerFired): Use the new permission functions to determine whether we can show the
notification.
(WebCore::Notification::permissionLevel):
(WebCore::Notification::permissionString): Declare three static locals for each of the values, and return
based on the permission enum.
(WebCore::Notification::requestPermission): Forward request to client.
* notifications/Notification.h:
* notifications/NotificationPermissionCallback.h: Added.
(NotificationPermissionCallback):
(WebCore::NotificationPermissionCallback::~NotificationPermissionCallback):
* notifications/NotificationPermissionCallback.idl: Added.
* notifications/NotificationCenter.cpp: Wrap permission functions in ENABLE(LEGACY_NOTIFICATIONS)
* notifications/NotificationCenter.h: Wrap permission functions in ENABLE(LEGACY_NOTIFICATIONS)
* notifications/NotificationCenter.idl: Refactor conditionals to make the center available only when
ENABLE(LEGACY_NOTIFICATIONS) is on.
* notifications/NotificationPresenter.h:
(WebCore::NotificationPresenter::requestPermission): Add new requestPermission() function for new
NotificationPermissionCallback type. Make it a stub implementation until all ports have adopted.
* notifications/NotificationClient.h: Add another requestPermission() client call, wrapped in
ENABLE(NOTIFICATIONS) that accepts the NotificationPermissionCallback. Wrap the original one in
ENABLE(LEGACY_NOTIFICATIONS).
* bindings/js/JSDesktopNotificationsCustom.cpp: Change to include the implementation only in
ENABLE(LEGACY_NOTIFICATIONS).
* bindings/js/JSNotificationsCustom.cpp: Custom implementation of requestPermission().
* bindings/v8/custom/V8NotificationCustom.cpp: Custom implementation of requestPermission().
* notifications/WorkerContextNotifications.idl: Make webktNotifications available only in legacy API.
* CMakeLists.txt: Add new callback idl.
* DerivedSources.make: Add new callback idl.
* DerivedSources.pri: Add new callback idl.
* GNUmakefile.list.am: Add NotificationPermissionCallback files.
* Target.pri: Include JSNotificationCustom.cpp, V8NotificationCustom.cpp
* UseJSC.cmake: Include JSNotificationCustom.cpp
* UseV8.cmake: Include V8NotificationCustom.cpp
* WebCore.gypi: Include JSNotificationCustom.cpp, V8NotificationCustom.cpp, JSNotificationPermissionCallback.{h,cpp}
* WebCore.vcproj/WebCore.vcproj: Include JSNotificationCustom.cpp, JSNotificationPermissionCallback.{h,cpp}
* WebCore.exp.in: Export permissionString().
* WebCore.xcodeproj/project.pbxproj: Add callback idl, h, and cpp files.
2012-05-02 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r115907.
http://trac.webkit.org/changeset/115907https://bugs.webkit.org/show_bug.cgi?id=85458
It broke all viewport tests on Qt and on GTK (Requested by
Ossy on #webkit).
* dom/ViewportArguments.cpp:
(WebCore::computeViewportAttributes):
* dom/ViewportArguments.h:
(ViewportAttributes):
2012-05-02 Gustavo Noronha Silva <gns@gnome.org>
[GTK] Finish moving modules into libWebCoreModules.la
https://bugs.webkit.org/show_bug.cgi?id=85449
Unreviewed build fix.
* GNUmakefile.list.am: move remaining modules source files into the
libWebCoreModules library, this should fix the problems people had
building the 1.9.1 tarball with unpatched make.
2012-05-02 Dongwoo Im <dw.im@samsung.com>
[EFL] Unreviewed, Fix build break when WEB_AUDIO is enabled.
https://bugs.webkit.org/show_bug.cgi?id=85443
Unreviewed build fix.
Three new files were added in the Modules/webaudio directory.
These files should be included into the CMakeLists.txt file.
* CMakeLists.txt: Add the newly created files into the CMakeLists.txt
2012-05-02 Eric Seidel <eric@webkit.org>
Sort ENABLE_ defines in FeatureDefines.xcconfig files to make them easier to compare with one another (and easier to autogenerate)
https://bugs.webkit.org/show_bug.cgi?id=85433
Reviewed by Adam Barth.
I have a script which can autogenerate these xcconfig files as well as the
vsprops files (and soon the Chromium, cmake, gnumake and qmake) feature lists
from a central feature list file.
In preparation for posting such a tool, I'm re-sorting these xcconfig files to be
alphabetically ordered (currently they're close, but not quite).
There is also at least one inconsistency between these files (CSS_LEGACY_PREFIXES) which
I will fix in a second pass. I will also sort the FEATURE_DEFINES = line in a follow-up patch.
* Configurations/FeatureDefines.xcconfig:
2012-05-02 Dana Jansens <danakj@chromium.org>
[chromium] Don't occlude pixels in a surface that are needed for a background filter blur
https://bugs.webkit.org/show_bug.cgi?id=84317
Reviewed by Adrienne Walker.
Blur filters move pixels around, so a pixel can influence the value of
pixels at some distance away. If a pixel is not occluded, then all
pixels within the radius of the blur may influence the value of that
pixel, so they should also stay unoccluded.
For background filters, the pixels are read from the filter's target
surface, so we remove occlusion from that target surface from pixels
that will blur into visible pixels.
Unit test: CCOcclusionTrackerTestDontOccludePixelsNeededForBackgroundFilter
CCOcclusionTrackerTestTwoBackgroundFiltersReduceOcclusionTwice
CCOcclusionTrackerTestDontOccludePixelsNeededForBackgroundFilterWithClip
CCOcclusionTrackerTestDontReduceOcclusionBelowBackgroundFilter
CCOcclusionTrackerTestDontReduceOcclusionIfBackgroundFilterIsOccluded
CCOcclusionTrackerTestReduceOcclusionWhenBackgroundFilterIsPartiallyOccluded
* platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
(WebCore::reduceOcclusion):
(WebCore):
(WebCore::reduceOcclusionBelowSurface):
(WebCore::::leaveToTargetRenderSurface):
(WebCore::::unoccludedContributingSurfaceContentRect):
* platform/graphics/chromium/cc/CCOcclusionTracker.h:
(CCOcclusionTrackerBase):
* platform/graphics/chromium/cc/CCQuadCuller.cpp:
(WebCore::CCQuadCuller::appendSurface):
(WebCore::CCQuadCuller::appendReplica):
2012-05-02 Levi Weintraub <leviw@chromium.org>
Convert FractionalLayoutUnit overflow assertions to stderr warnings
https://bugs.webkit.org/show_bug.cgi?id=85393
Reviewed by Eric Seidel.
Writing warnings to stderr when FractionalLayoutUnits overflow on debug builds instead of asserting
and crashing. It can be very useful to WebKit developers know when overflow is occurring, but it's
not always a programming error, so assert wasn't the right action.
No new tests. No change in behavior.
* platform/FractionalLayoutUnit.h:
(WebCore):
(WebCore::FractionalLayoutUnit::FractionalLayoutUnit):
(WebCore::FractionalLayoutUnit::toUnsigned):
(WebCore::FractionalLayoutUnit::setRawValue):
2012-04-18 Jon Honeycutt <jhoneycutt@apple.com>
FrameLoaderClient::dispatchWillSendSubmitEvent() should be given more
information about the form being submitted
https://bugs.webkit.org/show_bug.cgi?id=84297
Reviewed by Andy Estes.
* html/HTMLFormElement.cpp:
(WebCore::HTMLFormElement::prepareForSubmission):
Get the form field names and values, and use them to create a FormState
object. Pass this object when calling dispatchWillSendSubmitEvent().
(WebCore::HTMLFormElement::getTextFieldValues):
Loop over the associated elements, looking for <input> elements.
Collect their names and values.
* html/HTMLFormElement.h:
Declare getTextFieldData().
* loader/EmptyClients.h:
(WebCore::EmptyFrameLoaderClient::dispatchWillSendSubmitEvent):
Updated declaration for new parameter type.
* loader/FrameLoaderClient.h:
Updated declaration of dispatchWillSendSubmitEvent() for new param
type.
2012-04-13 Jon Honeycutt <jhoneycutt@apple.com>
Make Page::setDefersLoading() have a call count so that each time
loading is deferred, it must be balanced with a call to resume.
https://bugs.webkit.org/show_bug.cgi?id=84522
Reviewed by Andy Estes.
* page/Page.cpp:
(WebCore::Page::Page):
Initialize new call count member.
(WebCore::Page::setDefersLoading):
Check whether the callers wants balanced defer/resume loading behavior.
If the call count is not changing from 0 to 1 or 1 to 0, return early.
Otherwise, defer or resume loading for frames in this page.
* page/Page.h:
(WebCore::Page::defersLoading):
Added a member to hold the call count.
* page/Settings.cpp:
(WebCore::Settings::Settings):
Initialized new member m_wantsBalancedSetDefersLoadingBehavior.
* page/Settings.h:
(Settings):
Added new member m_wantsBalancedSetDefersLoadingBehavior.
(WebCore::Settings::setWantsBalancedSetDefersLoadingBehavior):
Setter.
(WebCore::Settings::wantsBalancedSetDefersLoadingBehavior):
Getter.
2012-05-02 Ojan Vafai <ojan@chromium.org>
Add a histogram for rendertree size
https://bugs.webkit.org/show_bug.cgi?id=85226
Reviewed by Eric Seidel.
We record it when the page gets hidden, since this is a point
at which, in theory, we could kill the rendertree.
No new tests. This isn't web visible, so there's no way to test it.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::clear):
* page/Page.cpp:
(WebCore::Page::renderTreeSize):
(WebCore):
(WebCore::Page::setVisibilityState):
* page/Page.h:
(Page):
* platform/HistogramSupport.cpp:
(WebCore::HistogramSupport::histogramCustomCounts):
(WebCore):
* platform/HistogramSupport.h:
(HistogramSupport):
* platform/chromium/HistogramSupportChromium.cpp:
(WebCore::HistogramSupport::histogramCustomCounts):
(WebCore):
2012-05-02 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r115902.
http://trac.webkit.org/changeset/115902https://bugs.webkit.org/show_bug.cgi?id=85441
Compile failure on linux 32 (Requested by zhenyao on #webkit).
* Modules/indexeddb/IDBBackingStore.h:
(IDBBackingStore):
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore::IDBLevelDBBackingStore::nextAutoIncrementNumber):
* Modules/indexeddb/IDBLevelDBBackingStore.h:
(IDBLevelDBBackingStore):
* Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
(WebCore::IDBObjectStoreBackendImpl::putInternal):
(WebCore::IDBObjectStoreBackendImpl::genAutoIncrementKey):
* Modules/indexeddb/IDBObjectStoreBackendImpl.h:
(IDBObjectStoreBackendImpl):
2012-05-02 Julien Chaffraix <jchaffraix@webkit.org>
Add ASSERTs to avoid querying dirtied z-index or normal flow lists on RenderLayer
https://bugs.webkit.org/show_bug.cgi?id=84920
Reviewed by Simon Fraser.
Covered by existing tests in Debug (at least several time!).
This change adds some ASSERTs on RenderLayer that prevent any use of its lists if they
are dirtied.
On top of this change, we added an invariant that non-stacking contexts should have their
z-index lists NULL (instead of empty or NULL previously). This is enforced at
updateZOrderLists time as we now ensure that it is called in a timely manner.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateLayerBounds):
Added call to updateLayersIfNeeded as we will query them later and there is no guarantee
that they are not dirty (we recurse in our children as part of calculateLayerBounds).
This was causing the new ASSERTs to trigger on css3/filter/ tests.
(WebCore::RenderLayer::dirtyZOrderLists):
Added a comment as to why we can't ASSERT that we are in a stacking context here.
(WebCore::RenderLayer::rebuildZOrderLists):
Added an ASSERT that we only rebuild z-index lists for dirtied stacking context.
(WebCore::RenderLayer::updateLayerListsIfNeeded):
Updated to ensure that the reflection layer has its layers updated too. This was triggering
the new ASSERTs on fast/runins/run-in-layer-not-removed-crash.html.
(WebCore::RenderLayer::updateCompositingAndLayerListsIfNeeded):
Updated to use the new isDirtyStackingContext function.
* rendering/RenderLayer.h:
(WebCore::RenderLayer::isDirtyStackingContext):
New helper function. Also made updateLayerListsIfNeeded() the only way
to update layer. That should prevent any misuse.
(WebCore::RenderLayer::posZOrderList):
(WebCore::RenderLayer::negZOrderList):
(WebCore::RenderLayer::normalFlowList):
ASSERT that we don't query any of the previous lists if they are dirty. Also
enforce the invariant that non-stacking contexts should have NULL z-index lists.
(WebCore::RenderLayer::clearZOrderLists):
New function to clearZOrderLists so that we can enfore the previous invariant.
(WebCore::RenderLayer::updateZOrderLists):
Updated to clear the dirty flag and the z-index lists for non-stacking context.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::addToOverlapMapRecursive):
(WebCore::RenderLayerCompositor::computeCompositingRequirements):
(WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
Removed the explicit ASSERTs.
(WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
(WebCore::RenderLayerCompositor::canBeComposited):
Disabled compositing on RenderLayer in flow thread. Because flow thread's
RenderLayer are not collected as part of RenderLayer's lists and could be composited,
this was causing the new ASSERTs to trigger (e.g. on fast/regions/webkit-flow-renderer-layer.html).
* rendering/RenderTreeAsText.cpp:
(WebCore::writeLayers):
Updated to use updateLayerListsIfNeeded().
2012-05-02 Levi Weintraub <leviw@chromium.org>
Remove unused adjustForAbsoluteZoom method in RenderObject.h
https://bugs.webkit.org/show_bug.cgi?id=85396
Reviewed by Eric Seidel.
We only want to use the integer adjustForAbsoluteZoom method, so this remnant is both unused
and potentially confusing.
No new tests. Removing unused code.
* rendering/RenderObject.h:
(WebCore):
2012-05-02 Fady Samuel <fsamuel@chromium.org>
Removing line in computeViewportAttributes that enforces a minimum scale factor to never allow zooming out more than viewport
https://bugs.webkit.org/show_bug.cgi?id=70609
Reviewed by Kenneth Rohde Christiansen.
Make ViewportAttributes' layoutSize be a FloatRect to avoid rounding
too early, and the occasional off by one fixed layout dimensions.
* dom/ViewportArguments.cpp:
(WebCore::computeViewportAttributes):
* dom/ViewportArguments.h:
(ViewportAttributes):
2012-05-02 Joshua Bell <jsbell@chromium.org>
IndexedDB: Handle generated keys up to 2^53
https://bugs.webkit.org/show_bug.cgi?id=85114
The spec defines the behavior for generated keys up to 2^53
(the maximum integer storable as an ECMAScript number) and
the error case when going beyond that. Ensure that we can
handle values up to that point and generate errors beyond.
Reviewed by Tony Chang.
Test: storage/indexeddb/key-generator.html
* Modules/indexeddb/IDBBackingStore.h:
(IDBBackingStore):
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore::IDBLevelDBBackingStore::nextAutoIncrementNumber):
* Modules/indexeddb/IDBLevelDBBackingStore.h:
(IDBLevelDBBackingStore):
* Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
(WebCore::IDBObjectStoreBackendImpl::putInternal):
(WebCore::IDBObjectStoreBackendImpl::genAutoIncrementKey):
* Modules/indexeddb/IDBObjectStoreBackendImpl.h:
(IDBObjectStoreBackendImpl):
2012-05-02 Adam Klein <adamk@chromium.org>
Childlist mutations in shadow DOM should be observable with MutationObservers
https://bugs.webkit.org/show_bug.cgi?id=85402
Reviewed by Ojan Vafai.
Though Mutation Events are not supported in Shadow DOM,
MutationObservers are supposed to be. Due to a misplacement of the
ChildListMutationScope, they were erroneously getting skipped.
This patch moves code around to properly notify when childlist are
mutated in shadow DOM and covers that change with a new test.
Test: fast/mutation/shadow-dom.html
* dom/ContainerNode.cpp:
(WebCore::willRemoveChild): Handle notification of removal directly.
(WebCore::willRemoveChildren): ditto.
(WebCore::dispatchChildInsertionEvents): Remove notification of insertion.
(WebCore::dispatchChildRemovalEvents): Remove notification of removal.
(WebCore::updateTreeAfterInsertion): Handle notification of insertion directly.
2012-05-02 Eric Carlson <eric.carlson@apple.com>
Crash in WebCore::TextTrackList::remove
https://bugs.webkit.org/show_bug.cgi?id=85095
Reviewed by Maciej Stachowiak.
Test: media/track/track-remove-quickly.html
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::willRemoveTrack): Return immediately if the tracks collection
has not been allocated yet.
2012-05-02 David Barton <dbarton@mathscribe.com>
After appending MathML with jquery the table renders with overlaps
https://bugs.webkit.org/show_bug.cgi?id=52444
Reviewed by Julien Chaffraix.
This patch also fixes bugs 72834 and 47781. The main problem is that correct preferred
logical widths are affected by operator stretching. Thus we add a call to
setNeedsLayoutAndPrefWidthsRecalc() after the stretching code in
RenderMathMLOperator.cpp, and change RenderMathMLBlock and RenderMathMLRow to make sure
that stretching of children is done before an <mrow>'s preferred logical widths are
computed.
Test: Added a test to mathml/presentation/mo-stretch.html
* rendering/mathml/RenderMathMLBlock.cpp:
(WebCore::RenderMathMLBlock::RenderMathMLBlock):
(WebCore::RenderMathMLBlock::computePreferredLogicalWidths):
(WebCore::RenderMathMLBlock::computeChildrenPreferredLogicalHeights):
(WebCore::RenderMathMLBlock::preferredLogicalHeightAfterSizing):
* rendering/mathml/RenderMathMLBlock.h:
(WebCore::RenderMathMLBlock::unembellishedOperator):
(WebCore::RenderMathMLBlock::isPreferredLogicalHeightDirty):
(WebCore::RenderMathMLBlock::preferredLogicalHeight):
(WebCore::RenderMathMLBlock::setPreferredLogicalHeight):
- Add m_preferredLogicalHeight and methods to compute and return it.
- Remove stretchToHeight() from most classes as it no longer needs to be done
recursively. We just call it on the base of an embellished operator, and that
calls setNeedsLayoutAndPrefWidthsRecalc() to mark itself and its container
chain.
* rendering/mathml/RenderMathMLOperator.cpp:
(WebCore::RenderMathMLOperator::stretchToHeight):
- Don't compare an unexpanded height to an expanded one.
(WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
(WebCore::RenderMathMLOperator::updateFromElement):
- After stretching, call setNeedsLayoutAndPrefWidthsRecalc().
* rendering/mathml/RenderMathMLOperator.h:
(RenderMathMLOperator):
* rendering/mathml/RenderMathMLRow.cpp:
(WebCore::RenderMathMLRow::computePreferredLogicalWidths):
(WebCore::RenderMathMLRow::layout):
* rendering/mathml/RenderMathMLRow.h:
(RenderMathMLRow):
- Add computePreferredLogicalWidths(), using computeChildrenPreferredLogicalHeights()
to compute our children's preferred logical heights if necessary, followed by
operator stretching.
* rendering/mathml/RenderMathMLSubSup.cpp:
* rendering/mathml/RenderMathMLSubSup.h:
(RenderMathMLSubSup):
* rendering/mathml/RenderMathMLUnderOver.cpp:
* rendering/mathml/RenderMathMLUnderOver.h:
(RenderMathMLUnderOver):
2012-05-02 Dana Jansens <danakj@chromium.org>
[chromium] Avoid extra Region copies in CCOcclusionTracker
https://bugs.webkit.org/show_bug.cgi?id=85257
Reviewed by Adrienne Walker.
Instead of making a Region for each layer and then uniting the region
with the current occlusion, directly add the rects for the given layer
to the current occlusion.
When subtracting a region from a rect, just subtract the region
directly instead of computing the intersecting region.
Covered by existing tests.
* platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
(WebCore::addOcclusionBehindLayer):
(WebCore::::markOccludedBehindLayer):
(WebCore::rectSubtractRegion):
2012-05-02 Keith Rosenblatt <keith.rosenblatt@nokia.com>
[Qt] ASSERT in FontCustomPlatformDataQt.cpp with invalid font in data URI
https://bugs.webkit.org/show_bug.cgi?id=85089
Reviewed by Simon Hausmann.
Do not return data referencing an invalid QRawFont from createFontCustomPlatformData(). Instead
return null.
Test: fast/css/font-face-data-uri-invalid.html
* platform/graphics/qt/FontCustomPlatformDataQt.cpp:
(WebCore::createFontCustomPlatformData):
2012-05-02 Michal Mocny <mmocny@google.com>
[chromium] Set contents texture manager preferred memory limit based on GpuMemoryManager suggestion.
https://bugs.webkit.org/show_bug.cgi?id=84270
Reviewed by Kenneth Russell.
Updates the content texture manager memory limits based on GpuMemoryManager memory allocation suggestions.
The memory allocation size (in bytes) is fed from LayerRendererChromium memory allocation changed callback
handler to CCLayerTreeHost. At that point we adjust the limits, using the existing notions of preferred and
max limits.
On android, the preferred limit is half the maximum (as it has always been), but on all other platforms the
preferred limit is now equal to max, in order to allow more agressive prepainting.
Finally, android has memory constraints dependant on viewportSize, but that logic has been pushed into
the GpuMemoryManager.
* platform/graphics/chromium/LayerRendererChromium.cpp:
(WebCore::LayerRendererGpuMemoryAllocationChangedCallbackAdapter::onGpuMemoryAllocationChanged):
(WebCore::LayerRendererChromium::beginDrawingFrame):
* platform/graphics/chromium/LayerRendererChromium.h:
(LayerRendererChromiumClient):
* platform/graphics/chromium/TextureManager.cpp:
(WebCore::TextureManager::setMemoryAllocationLimitBytes):
(WebCore):
* platform/graphics/chromium/TextureManager.h:
(TextureManager):
* platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
(WebCore::CCLayerTreeHost::setViewportSize):
(WebCore::CCLayerTreeHost::setContentsMemoryAllocationLimitBytes):
(WebCore):
* platform/graphics/chromium/cc/CCLayerTreeHost.h:
(CCLayerTreeHost):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
(WebCore::CCLayerTreeHostImpl::setContentsMemoryAllocationLimitBytes):
(WebCore):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
(CCLayerTreeHostImplClient):
* platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
(WebCore::CCSingleThreadProxy::postSetContentsMemoryAllocationLimitBytesToMainThreadOnImplThread):
(WebCore):
* platform/graphics/chromium/cc/CCSingleThreadProxy.h:
* platform/graphics/chromium/cc/CCThreadProxy.cpp:
(WebCore::CCThreadProxy::postSetContentsMemoryAllocationLimitBytesToMainThreadOnImplThread):
(WebCore):
(WebCore::CCThreadProxy::setContentsMemoryAllocationLimitBytes):
* platform/graphics/chromium/cc/CCThreadProxy.h:
(CCThreadProxy):
2012-05-02 Emil A Eklund <eae@chromium.org>
Fix usage of layout types in platform code
https://bugs.webkit.org/show_bug.cgi?id=85392
Reviewed by Eric Seidel.
No new tests, no change in functionality.
* page/EventHandler.cpp:
(WebCore::EventHandler::handleGestureTap):
Use rounded point for gestures as event handling is still mostly int based.
2012-05-02 Kenneth Russell <kbr@google.com>
Don't allocate stencil buffer if stencil flag is false in context creation attributes
https://bugs.webkit.org/show_bug.cgi?id=85317
Reviewed by Dimitri Glazkov.
Make it appear to WebGL application that there is no stencil
buffer even if the underlying GraphicsContext3D allocated one.
Verified intended behavior with test case from Mozilla's bug report.
Updated context-attributes-alpha-depth-stencil-antialias.html test
from Khronos repository. Ran WebGL layout tests on Linux in
Chrome's DRT and on Mac OS in Safari's.
* html/canvas/WebGLFramebuffer.cpp:
(WebCore::WebGLFramebuffer::hasStencilBuffer): Added query method.
(WebCore): Changed desired semantics of isValidRenderbuffer.
* html/canvas/WebGLFramebuffer.h:
(WebGLFramebuffer): Added hasStencilBuffer.
* html/canvas/WebGLRenderingContext.cpp:
(WebCore):
(WebCore::WebGLRenderingContext::initializeNewContext):
Clear new flag.
(WebCore::WebGLRenderingContext::bindFramebuffer):
Reset stencil test upon framebuffer change.
(WebCore::WebGLRenderingContext::disable):
Cache flag; reset stencil test.
(WebCore::WebGLRenderingContext::enable):
Cache flag; reset stencil test.
(WebCore::WebGLRenderingContext::framebufferRenderbuffer):
Reset stencil test upon renderbuffer change.
(WebCore::WebGLRenderingContext::getContextAttributes):
Force depth and stencil to false if false was requested.
(WebCore::WebGLRenderingContext::isEnabled):
Return cached flag.
(WebCore::WebGLRenderingContext::renderbufferStorage):
Reset stencil test upon renderbuffer reallocation.
(WebCore::WebGLRenderingContext::applyStencilTest):
Enable or disable stencil test based on request and availability.
(WebCore::WebGLRenderingContext::enableOrDisable):
Helper function.
* html/canvas/WebGLRenderingContext.h:
(WebGLRenderingContext):
Added cache of STENCIL_TEST flag. Deleted unused m_stencilBits.
2012-05-02 Ryosuke Niwa <rniwa@webkit.org>
Drag and drop text into table is pasting the text in the next <td> element
https://bugs.webkit.org/show_bug.cgi?id=75004
Reviewed by Darin Adler.
The bug was caused by ReplaceSelectionCommand adjusting the insertion position to be before
of the block element containing the insertion position even when the block element is a table cell.
Fixed the bug by not moving the insertion position before the table cell in this case.
Test: editing/pasteboard/paste-into-table-cell.html
* editing/ReplaceSelectionCommand.cpp:
(WebCore::ReplaceSelectionCommand::doApply):
2012-05-02 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=85309
supportsExpandedScrollbars() should check for the method we actually call rather
than a related method
Reviewed by Anders Carlsson.
Missing colon.
* platform/mac/ScrollbarThemeMac.mm:
(WebCore::supportsExpandedScrollbars):
2012-05-02 Antti Koivisto <antti@apple.com>
Move title and media queries from StyleSheetInternal to CSSStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=85387
Reviewed by Anders Carlsson.
Stylesheet title and media queries are determined by the owner, not by the stylesheet itself.
The fields belong to CSSStyleSheet.
This will make it easier to share StyleSheetInternal instances between documents.
* css/CSSStyleSheet.cpp:
(WebCore::StyleSheetInternal::StyleSheetInternal):
(WebCore::StyleSheetInternal::isCacheable):
(WebCore):
(WebCore::CSSStyleSheet::setDisabled):
Invalidate the document style directly instead of ping-ponging through StyleSheetInternal.
(WebCore::CSSStyleSheet::setMediaQueries):
(WebCore::CSSStyleSheet::media):
* css/CSSStyleSheet.h:
(StyleSheetInternal):
(WebCore::StyleSheetInternal::originalURL):
(WebCore::StyleSheetInternal::hasCharsetRule):
(WebCore::CSSStyleSheet::mediaQueries):
(CSSStyleSheet):
(WebCore::CSSStyleSheet::setTitle):
* css/StyleResolver.cpp:
(WebCore::StyleResolver::appendAuthorStylesheets):
(WebCore::StyleResolver::collectMatchingRulesForList):
* dom/DOMImplementation.cpp:
(WebCore::DOMImplementation::createCSSStyleSheet):
* dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::setCSSStyleSheet):
* dom/StyleElement.cpp:
(WebCore::StyleElement::createSheet):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::parseAttribute):
(WebCore::HTMLLinkElement::setCSSStyleSheet):
* html/HTMLStyleElement.cpp:
(WebCore::HTMLStyleElement::parseAttribute):
* svg/SVGStyleElement.cpp:
(WebCore::SVGStyleElement::parseAttribute):
2012-05-02 Alexis Menard <alexis.menard@openbossa.org>
Unreviewed Qt build fix with GCC 4.7.0.
* platform/qt/DeviceMotionProviderQt.h:
(DeviceMotionProviderQt):
* platform/qt/DeviceOrientationProviderQt.cpp:
(WebCore::DeviceOrientationProviderQt::~DeviceOrientationProviderQt):
(WebCore):
* platform/qt/DeviceOrientationProviderQt.h:
(DeviceOrientationProviderQt):
2012-05-02 No'am Rosenthal <noam.rosenthal@nokia.com>
[Texmap] Enable css filters in TextureMapperGL
https://bugs.webkit.org/show_bug.cgi?id=75778
Unreviewed build fix to greenify the Qt Minimal bot.
* platform/graphics/texmap/TextureMapperShaderManager.h:
2012-05-02 Philippe Normand <pnormand@igalia.com>
[GTK] Compilation warnings in RenderTheme
https://bugs.webkit.org/show_bug.cgi?id=85286
Reviewed by Martin Robinson.
Removed un-needed code and refactored fileListNameForWidth
accordingly to avoid un-used variable warnings during compilation.
* platform/gtk/RenderThemeGtk.cpp:
(WebCore):
(WebCore::RenderThemeGtk::fileListNameForWidth):
2012-05-02 Ryosuke Niwa <rniwa@webkit.org>
NULL ptr in WebCore::AppendNodeCommand::AppendNodeCommand
https://bugs.webkit.org/show_bug.cgi?id=75843
Reviewed by Tony Chang.
The crash was caused by indentIntoBlockquote's passing a bad outerBlock to moveParagraphsWithClone.
When the position is created after blockquote in the following DOM:
BODY
* BLOCKQUOTE style=margin: 0 0 0 40px; border: none; padding: 0px;
E
#text "\nx\n"
VisiblePosition's constructor (of startOfContents) turns the position into a legacy position (blockquote, 0).
The crash occurs because this position doesn't belong in the same paragraph as E, which is the paragraph
we're trying to move into the blockquote.
Fixed bug by calling positionInParentAfterNode instead of positionAfterNode for now. We should eventually be
able to use positionAfterNode here once VisiblePosition's constructor starts handling before/after positions
properly.
Test: editing/execCommand/indent-with-after-content-crash.html
* editing/IndentOutdentCommand.cpp:
(WebCore::IndentOutdentCommand::indentIntoBlockquote):
2012-05-02 Jer Noble <jer.noble@apple.com>
WebWindowFadeAnimation ignores "duration" parameter.
https://bugs.webkit.org/show_bug.cgi?id=85386
Reviewed by Brady Eidson.
Ignoring the "duration" parameter causes the full screen fade and scale animations
to get out of sync.
* platform/mac/WebWindowAnimation.mm:
(-[WebWindowFadeAnimation initWithDuration:window:initialAlpha:finalAlpha:]):
2012-05-02 Julien Chaffraix <jchaffraix@webkit.org>
REGRESSION(110072): Clipping is not applied on layers that are animated using platform code
https://bugs.webkit.org/show_bug.cgi?id=83954
Reviewed by Simon Fraser.
Tests: fast/layers/no-clipping-overflow-hidden-added-after-transform-expected.html
fast/layers/no-clipping-overflow-hidden-added-after-transform.html
fast/layers/no-clipping-overflow-hidden-added-after-transition-expected.html
fast/layers/no-clipping-overflow-hidden-added-after-transition.html
fast/layers/no-clipping-overflow-hidden-hardware-acceleration-expected.html
fast/layers/no-clipping-overflow-hidden-hardware-acceleration.html
(and all the tests that will need to be rebaselined)
r110072 changed the way we create layers to lazily allocate overflow: hidden ones
based on layout overflow. However with hardware acceleration, certain operations
do cause overflow without actually calling layout (the test cases added as part
of this change are using transition / animation). This means that those cases
wouldn't properly clip.
Due to the above issue and the other regressions from r110072, the easiest fix is
to just to roll it out.
* rendering/RenderBox.h:
Changed to allocate a layer whenever we have an overflow clip.
* rendering/RenderBox.cpp:
(WebCore::RenderBox::scrolledContentOffset):
(WebCore::RenderBox::cachedSizeForOverflowClip):
Reverted those 2 to avoid using the cached size logic.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::updateScrollInfoAfterLayout):
(WebCore::RenderBlock::layoutBlock):
(WebCore::RenderBlock::paint):
(WebCore::RenderBlock::isPointInOverflowControl):
* rendering/RenderBlock.h:
* rendering/RenderBox.cpp:
(WebCore::RenderBox::willBeDestroyed):
(WebCore::RenderBox::styleDidChange):
(WebCore::RenderBox::layout):
(WebCore::RenderBox::scrollWidth):
(WebCore::RenderBox::scrollHeight):
(WebCore::RenderBox::scrollLeft):
(WebCore::RenderBox::scrollTop):
(WebCore::RenderBox::setScrollLeft):
(WebCore::RenderBox::setScrollTop):
(WebCore::RenderBox::includeVerticalScrollbarSize):
(WebCore::RenderBox::includeHorizontalScrollbarSize):
(WebCore::RenderBox::pushContentsClip):
(WebCore::RenderBox::popContentsClip):
(WebCore::RenderBox::addLayoutOverflow):
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::styleDidChange):
* rendering/RenderBoxModelObject.h:
(RenderBoxModelObject):
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::layoutBlock):
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::layoutBlock):
* rendering/RenderTable.cpp:
(WebCore::RenderTable::layout):
* rendering/RenderTableRow.h:
(RenderTableRow):
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::layout):
Removed the previous scaffolding code and reverted some functions to
being private (as they were prior to r110072).
2012-05-02 No'am Rosenthal <noam.rosenthal@nokia.com>
[Texmap] Enable css filters in TextureMapperGL
https://bugs.webkit.org/show_bug.cgi?id=75778
Reviewed by Jocelyn Turcotte.
Added support for color filters in TextureMapperGL. Blur and shadow would be done in a
different patch.
Modified BitmapTexture::applyFilters to return a texture, since GL cannot paint a texture
into itself.
Created a shader map for standard filters, since all of them work more or less the same way
with a single uniform. Added the colorization shaders based on the W3C filter spec, as
already implemented in FEFilterRenderer.cpp and FEColorMatrix.cpp.
We use two swapping textures to render the filters.
Covered by tests in css3/filters.
* platform/graphics/texmap/TextureMapper.cpp:
(WebCore::TextureMapper::acquireTextureFromPool):
* platform/graphics/texmap/TextureMapper.h:
(WebCore::BitmapTexture::applyFilters):
* platform/graphics/texmap/TextureMapperGL.cpp:
(WebCore::BitmapTextureGL::updateContents):
(WebCore):
(WebCore::TextureMapperGL::drawFiltered):
(WebCore::BitmapTextureGL::applyFilters):
(WebCore::BitmapTextureGL::bind):
* platform/graphics/texmap/TextureMapperGL.h:
(TextureMapperGL):
(BitmapTextureGL):
* platform/graphics/texmap/TextureMapperImageBuffer.cpp:
(WebCore::BitmapTextureImageBuffer::applyFilters):
* platform/graphics/texmap/TextureMapperImageBuffer.h:
(BitmapTextureImageBuffer):
* platform/graphics/texmap/TextureMapperLayer.cpp:
(WebCore::applyFilters):
(WebCore::TextureMapperLayer::syncCompositingStateSelf):
* platform/graphics/texmap/TextureMapperShaderManager.cpp:
(WebCore::TextureMapperShaderManager::~TextureMapperShaderManager):
(WebCore):
(WebCore::StandardFilterProgram::~StandardFilterProgram):
(WebCore::StandardFilterProgram::StandardFilterProgram):
(WebCore::StandardFilterProgram::create):
(WebCore::StandardFilterProgram::prepare):
(WebCore::TextureMapperShaderManager::getShaderForFilter):
* platform/graphics/texmap/TextureMapperShaderManager.h:
(WebCore):
(StandardFilterProgram):
(WebCore::StandardFilterProgram::vertexAttrib):
(WebCore::StandardFilterProgram::texCoordAttrib):
(WebCore::StandardFilterProgram::textureUniform):
(TextureMapperShaderManager):
2012-05-02 Philippe Normand <pnormand@igalia.com>
[GTK] media/track/track-cue-rendering-snap-to-lines-not-set.html fails
https://bugs.webkit.org/show_bug.cgi?id=84378
Reviewed by Eric Carlson.
Fix positioning of the controls panel back to relative, as it is
in the parent CSS. Also remove some duplicate CSS attributes.
* css/mediaControlsGtk.css:
(audio::-webkit-media-controls-panel, video::-webkit-media-controls-panel):
2012-05-02 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=85309
supportsExpandedScrollbars() should check for the method we actually call rather
than a related method
-and corresponding-
<rdar://problem/11065691>
Reviewed by Anders Carlsson.
* platform/mac/ScrollbarThemeMac.mm:
(WebCore::supportsExpandedScrollbars):
2012-05-02 Zalan Bujtas <zbujtas@gmail.com>
[Qt] Remove redundant updateViewportArguments() call from HTMLBodyElement::didNotifyDescendantInseretions()
https://bugs.webkit.org/show_bug.cgi?id=84241
Reviewed by Kenneth Rohde Christiansen.
No need to update viewport arguments when the body element is inserted into the Document.
Viewport arguments are updated first when the Document is set on the Frame, and later
on any subsequent occurence of the viewport meta tag in the document.
It is sufficient to dispatch viewport update once per main frame, if no viewport meta tag is present.
Also add a flag to be able to track viewport argument update dispatch.
No tests. Currrent viewport tests cover this behaviour.
* dom/Document.cpp:
(WebCore::Document::Document):
(WebCore::Document::updateViewportArguments):
(WebCore::Document::documentWillSuspendForPageCache):
* dom/Document.h:
(Document):
(WebCore::Document::didDispatchViewportPropertiesChanged):
* html/HTMLBodyElement.cpp:
(WebCore::HTMLBodyElement::didNotifyDescendantInseretions):
2012-05-02 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: Cannot read property 'length' of undefined TextEditorModel.js:467
https://bugs.webkit.org/show_bug.cgi?id=85360
Reviewed by Yury Semikhatsky.
Added the undo/redo stack length checks.
* inspector/front-end/TextEditorModel.js:
(WebInspector.TextEditorModel.endsWithBracketRegex.):
2012-05-02 Pavel Feldman <pfeldman@chromium.org>
WebInspector: Scripts panel editor dirty state is cleared when the tab with editor is closed.
https://bugs.webkit.org/show_bug.cgi?id=85361
Reviewed by Yury Semikhatsky.
Added content validation upon script show.
* inspector/front-end/JavaScriptSourceFrame.js:
(WebInspector.JavaScriptSourceFrame.prototype.wasShown):
2012-05-02 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: breakpoints are de-activated only upon the second click.
https://bugs.webkit.org/show_bug.cgi?id=85359
Reviewed by Yury Semikhatsky.
Initial value for activated state is set.
* inspector/front-end/DebuggerModel.js:
(WebInspector.DebuggerModel):
2012-05-02 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: live edit fails to report error
https://bugs.webkit.org/show_bug.cgi?id=85357
Reviewed by Yury Semikhatsky.
ProtocolError is now a string, not an error object.
* inspector/front-end/DatabaseQueryView.js:
(WebInspector.DatabaseQueryView.prototype._queryError):
* inspector/front-end/SourceFrame.js:
(WebInspector.SourceFrame.prototype.didEditContent):
2012-05-02 Lars Knudsen <lars.knudsen@nokia.com>
[Qt] Make DeviceMotion and DeviceOrientation work with WebKit2
https://bugs.webkit.org/show_bug.cgi?id=64595
Reviewed by Kenneth Rohde Christiansen.
No new tests added. This change adds support for WK2
what was in WK1.
Also moving DeviceMotion and DeviceOrientation clients and
providers to WebCore. This is done to allow clean dependencies
when statically linking WK2.
* Target.pri:
* WebCore.pri:
* platform/qt/DeviceMotionClientQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionClientQt.cpp.
(WebCore):
(WebCore::DeviceMotionClientQt::~DeviceMotionClientQt):
(WebCore::DeviceMotionClientQt::deviceMotionControllerDestroyed):
(WebCore::DeviceMotionClientQt::setController):
(WebCore::DeviceMotionClientQt::startUpdating):
(WebCore::DeviceMotionClientQt::stopUpdating):
(WebCore::DeviceMotionClientQt::currentDeviceMotion):
* platform/qt/DeviceMotionClientQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionClientQt.h.
(WebCore):
(DeviceMotionClientQt):
(WebCore::DeviceMotionClientQt::DeviceMotionClientQt):
* platform/qt/DeviceMotionProviderQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionProviderQt.cpp.
(WebCore):
(WebCore::DeviceMotionProviderQt::DeviceMotionProviderQt):
(WebCore::DeviceMotionProviderQt::~DeviceMotionProviderQt):
(WebCore::DeviceMotionProviderQt::setController):
(WebCore::DeviceMotionProviderQt::start):
(WebCore::DeviceMotionProviderQt::stop):
(WebCore::DeviceMotionProviderQt::filter):
* platform/qt/DeviceMotionProviderQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceMotionProviderQt.h.
(WebCore):
(DeviceMotionProviderQt):
(WebCore::DeviceMotionProviderQt::currentDeviceMotion):
* platform/qt/DeviceOrientationClientQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationClientQt.cpp.
(WebCore):
(WebCore::DeviceOrientationClientQt::deviceOrientationControllerDestroyed):
(WebCore::DeviceOrientationClientQt::setController):
(WebCore::DeviceOrientationClientQt::startUpdating):
(WebCore::DeviceOrientationClientQt::stopUpdating):
(WebCore::DeviceOrientationClientQt::lastOrientation):
* platform/qt/DeviceOrientationClientQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationClientQt.h.
(WebCore):
(DeviceOrientationClientQt):
* platform/qt/DeviceOrientationProviderQt.cpp: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationProviderQt.cpp.
(WebCore):
(WebCore::DeviceOrientationProviderQt::DeviceOrientationProviderQt):
(WebCore::DeviceOrientationProviderQt::~DeviceOrientationProviderQt):
(WebCore::DeviceOrientationProviderQt::setController):
(WebCore::DeviceOrientationProviderQt::start):
(WebCore::DeviceOrientationProviderQt::stop):
(WebCore::DeviceOrientationProviderQt::filter):
* platform/qt/DeviceOrientationProviderQt.h: Renamed from Source/WebKit/qt/WebCoreSupport/DeviceOrientationProviderQt.h.
(WebCore):
(DeviceOrientationProviderQt):
(WebCore::DeviceOrientationProviderQt::isActive):
(WebCore::DeviceOrientationProviderQt::lastOrientation):
(WebCore::DeviceOrientationProviderQt::hasAlpha):
2012-05-02 Yury Semikhatsky <yurys@chromium.org>
Web Inspector: exception in console when there are watch expressions
https://bugs.webkit.org/show_bug.cgi?id=85351
Check if script execution is still paused before trying to resolve an
object for script popover because execution may be resumed after popover
showing is scheduled but before we start resolving the object under
the cursor in which case there is no selected call frame any more and
we should hide the popover.
Reviewed by Pavel Feldman.
* inspector/front-end/JavaScriptSourceFrame.js:
(WebInspector.JavaScriptSourceFrame.prototype._resolveObjectForPopover):
2012-05-02 Tommy Widenflycht <tommyw@google.com>
MediaStream API: Changing webkitGetUserMedia to take an object instead of a string
https://bugs.webkit.org/show_bug.cgi?id=84850
Reviewed by Dimitri Glazkov.
The standard changed a while back to use an object as a dictionary but since JSC
didn't support the Dictionary class until just recently we have not updated the API until now.
Change covered by existing, and edited, tests.
* Modules/mediastream/NavigatorMediaStream.cpp:
(WebCore::NavigatorMediaStream::webkitGetUserMedia):
* Modules/mediastream/NavigatorMediaStream.h:
(WebCore):
(NavigatorMediaStream):
* Modules/mediastream/NavigatorMediaStream.idl:
* Modules/mediastream/UserMediaRequest.cpp:
(WebCore::UserMediaRequest::create):
(WebCore::UserMediaRequest::UserMediaRequest):
* Modules/mediastream/UserMediaRequest.h:
(WebCore):
(UserMediaRequest):
* platform/mediastream/MediaStreamSourcesQueryClient.h:
(MediaStreamSourcesQueryClient):
2012-05-02 Antti Koivisto <antti@apple.com>
StyleSheetInternal::parseUserStyleSheet() should be called parseAuthorStyleSheet().
Rubber-stamped by Nikolas Zimmermann.
* css/CSSImportRule.cpp:
(WebCore::StyleRuleImport::setCSSStyleSheet):
* css/CSSStyleSheet.cpp:
(WebCore::StyleSheetInternal::parseAuthorStyleSheet):
* css/CSSStyleSheet.h:
(StyleSheetInternal):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::setCSSStyleSheet):
2012-05-02 Yury Semikhatsky <yurys@chromium.org>
REGRESSION: Web Inspector doesn't show cookies anymore
https://bugs.webkit.org/show_bug.cgi?id=85349
Pass root node instead of DataGrid object to the "populateNode" method.
Added compiler annotations so that closure compiler catches such errors.
Reviewed by Pavel Feldman.
* inspector/front-end/CookiesTable.js:
(WebInspector.CookiesTable.prototype._rebuildTable):
* inspector/front-end/NetworkRequest.js:
(WebInspector.NetworkRequest.prototype.addFrameError):
2012-05-02 Dongwoo Im <dw.im@samsung.com>
[EFL] Implement the Web Audio API feature.
https://bugs.webkit.org/show_bug.cgi?id=78688
Reviewed by Philippe Normand.
Implement the Web Audio API feature on the EFL port.
https://dvcs.w3.org/hg/audio/raw-file/tip/webaudio/specification.html
* CMakeLists.txt: Add the list of the files which are needed for the Web Audio APi.
* PlatformEfl.cmake: Add the list of the files which are needed for the Web Audio APi.
* UseJSC.cmake: Add the list of the files which are needed for the Web Audio APi.
* platform/audio/HRTFElevation.cpp: Enable the USE_CONCATENATED_IMPULSE_RESPONSES macro.
(WebCore):
* platform/audio/efl/AudioBusEfl.cpp: Added.
(WebCore):
(WebCore::AudioBus::loadPlatformResource): Create the absolute path of the audio resource.
2012-05-01 Kentaro Hara <haraken@chromium.org>
[V8] Add an Isolate parameter to setJSWrapperForXXX()
https://bugs.webkit.org/show_bug.cgi?id=85329
Reviewed by Adam Barth.
The objective is to pass Isolate around in V8 bindings.
This patch adds an Isolate parameter to setJSWrapperForXXX()
and passes Isolate to setJSWrapperForXXX() in CodeGeneratorV8.pm.
I'll pass Isolate to setJSWrapperForXXX() in custom bindings
in a follow-up patch.
No tests. No change in behavior.
* bindings/scripts/CodeGeneratorV8.pm: Modified as described above.
(GenerateConstructorCallback):
(GenerateEventConstructorCallback):
(GenerateNamedConstructorCallback):
(GenerateToV8Converters):
* bindings/v8/V8DOMWrapper.cpp:
(WebCore::V8DOMWrapper::setJSWrapperForDOMNode):
(WebCore::V8DOMWrapper::setJSWrapperForActiveDOMNode):
* bindings/v8/V8DOMWrapper.h:
(V8DOMWrapper):
(WebCore::V8DOMWrapper::setJSWrapperForDOMObject):
(WebCore::V8DOMWrapper::setJSWrapperForActiveDOMObject):
* bindings/scripts/test/V8/V8Float64Array.cpp: Updated run-bindings-tests results.
(WebCore::V8Float64Array::wrapSlow):
* bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
(WebCore::V8TestActiveDOMObject::wrapSlow):
* bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp:
(WebCore::V8TestCustomNamedGetter::wrapSlow):
* bindings/scripts/test/V8/V8TestEventConstructor.cpp:
(WebCore::V8TestEventConstructor::constructorCallback):
(WebCore::V8TestEventConstructor::wrapSlow):
* bindings/scripts/test/V8/V8TestEventTarget.cpp:
(WebCore::V8TestEventTarget::wrapSlow):
* bindings/scripts/test/V8/V8TestInterface.cpp:
(WebCore::V8TestInterface::constructorCallback):
(WebCore::V8TestInterface::wrapSlow):
* bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp:
(WebCore::V8TestMediaQueryListListener::wrapSlow):
* bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
(WebCore::V8TestNamedConstructorConstructorCallback):
(WebCore::V8TestNamedConstructor::wrapSlow):
* bindings/scripts/test/V8/V8TestNode.cpp:
(WebCore::V8TestNode::constructorCallback):
(WebCore::V8TestNode::wrapSlow):
* bindings/scripts/test/V8/V8TestObj.cpp:
(WebCore::V8TestObj::constructorCallback):
(WebCore::V8TestObj::wrapSlow):
* bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
(WebCore::V8TestSerializedScriptValueInterface::constructorCallback):
(WebCore::V8TestSerializedScriptValueInterface::wrapSlow):
2012-05-01 Eric Seidel <eric@webkit.org>
Add <iframe seamless> navigation code (and pass all the navigation tests)
https://bugs.webkit.org/show_bug.cgi?id=85340
Reviewed by Adam Barth.
This code was primarily written by Adam Barth and then submitted to my
GitHub branch via a pull request:
https://github.com/eseidel/webkit/compare/master...seamlesshttps://github.com/eseidel/webkit/pull/2https://github.com/eseidel/webkit/pull/3
I rewrote parts of it to use Docment::shouldDisplaySeamlesslyWithParent.
Other parts of the original change have already been committed to WebKit by Adam
as part of prep-work for making the loader seamless-ready.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::findFrameForNavigation):
2012-05-01 Vincent Scheib <scheib@chromium.org>
Fullscreen pop-up logic restored to using processingUserGesture.
https://bugs.webkit.org/show_bug.cgi?id=85105
WebKit was recently updated to the new Fullscreen API:
http://dvcs.w3.org/hg/fullscreen/raw-file/tip/Overview.html#apihttp://trac.webkit.org/changeset/111028
This change reverts back to using processingUserGesture() instead
of DOMWindow::allowPopUp(). This fixes incorrect behavior in
at least the Chromium port and is consistent with the cited
definition of "allowed to show a pop-up":
An algorithm is allowed to show a pop-up if, in the task in which the algorithm is running, either:
- an activation behavior is currently being processed whose click event was trusted, or
- the event listener for a trusted click event is being handled.
Reviewed by Dimitri Glazkov.
No new tests.
* dom/Document.cpp:
(WebCore::Document::requestFullScreenForElement):
2012-05-01 Xiaomei Ji <xji@chromium.org>
enable ctrl-arrow move by word visually in non-Windows platforms.
https://bugs.webkit.org/show_bug.cgi?id=85017
Reviewed by Ryosuke Niwa.
Enable ctrl-arrow moves caret by word in visual order in non-Windows platforms that use ICU word
break iterator (it is not enabled for WinCE and Qt where ICU is not used). For those platforms, ctrl-arrow
moves caret to word break position before spaces. For example, given a logical text "abc def hij", the word
break positions using ctrl-left-arrow from rightmost position are "|abc |def |hij".
The word break positions using ctrl-right-arrow from leftmost position are "abc| def| hij|".
Test: editing/selection/move-by-word-visually-mac.html
* editing/EditingBehavior.h:
(EditingBehavior):
(WebCore::EditingBehavior::shouldEatSpaceToNextWord): To control different word break positions
(regards to space) for different platforms.
* editing/FrameSelection.cpp:
(WebCore::FrameSelection::modifyMovingRight): Enable visual word movement for all platforms that use ICU.
(WebCore::FrameSelection::modifyMovingLeft):
* editing/visible_units.cpp:
(WebCore::visualWordPosition): Determine the right word break position (regards to space) based on EditingBehavior.
(WebCore::leftWordPosition):
(WebCore::rightWordPosition):
* editing/visible_units.h:
2012-05-01 Raymond Liu <raymond.liu@intel.com>
Modify RealtimeAnalyserNode pull mechanism
https://bugs.webkit.org/show_bug.cgi?id=77515
Reviewed by Chris Rogers.
Test: webaudio/automatic-pull-node.html
* GNUmakefile.list.am:
* Modules/webaudio/AudioBasicInspectorNode.cpp: Added.
(WebCore):
(WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
(WebCore::AudioBasicInspectorNode::pullInputs):
(WebCore::AudioBasicInspectorNode::connect):
(WebCore::AudioBasicInspectorNode::disconnect):
(WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
(WebCore::AudioBasicInspectorNode::updatePullStatus):
* Modules/webaudio/AudioBasicInspectorNode.h: Added.
(WebCore):
(AudioBasicInspectorNode):
* Modules/webaudio/AudioContext.cpp:
(WebCore::AudioContext::AudioContext):
(WebCore::AudioContext::~AudioContext):
(WebCore::AudioContext::handlePreRenderTasks):
(WebCore::AudioContext::handlePostRenderTasks):
(WebCore::AudioContext::markForDeletion):
(WebCore):
(WebCore::AudioContext::addAutomaticPullNode):
(WebCore::AudioContext::removeAutomaticPullNode):
(WebCore::AudioContext::updateAutomaticPullNodes):
(WebCore::AudioContext::processAutomaticPullNodes):
* Modules/webaudio/AudioContext.h:
(AudioContext):
* Modules/webaudio/AudioDestinationNode.cpp:
(WebCore::AudioDestinationNode::provideInput):
* Modules/webaudio/AudioNode.h:
(AudioNode):
* Modules/webaudio/AudioNodeOutput.h:
(WebCore::AudioNodeOutput::isConnected):
(AudioNodeOutput):
* Modules/webaudio/RealtimeAnalyserNode.cpp:
(WebCore::RealtimeAnalyserNode::RealtimeAnalyserNode):
* Modules/webaudio/RealtimeAnalyserNode.h:
(RealtimeAnalyserNode):
* WebCore.gypi:
* WebCore.xcodeproj/project.pbxproj:
2012-05-01 Keishi Hattori <keishi@webkit.org>
datalist: Form control in a <datalist> should be barred from constraint validation
https://bugs.webkit.org/show_bug.cgi?id=84359
Reviewed by Kent Tamura.
Tests: fast/forms/datalist/datalist-child-validation.html
fast/forms/form-control-element-crash.html
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::HTMLFormControlElement):
(WebCore::HTMLFormControlElement::updateAncestors): Updates the ancestor information.
(WebCore::HTMLFormControlElement::insertedInto): Invalidate the ancestor information and call setNeedsWillValidateCheck because willValidate might have changed.
(WebCore::HTMLFormControlElement::removedFrom): Ditto.
(WebCore::HTMLFormControlElement::disabled):
(WebCore::HTMLFormControlElement::recalcWillValidate): Returns false if element has a datalist ancestor.
(WebCore::HTMLFormControlElement::willValidate): Check if ancestor information is valid too.
(WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
2012-05-01 Kent Tamura <tkent@chromium.org>
Calendar Picker: Close the picker by ESC key
https://bugs.webkit.org/show_bug.cgi?id=85337
Reviewed by Kentaro Hara.
No new tests. Calendar picker is not testable in DRT yet.
* Resources/calendarPicker.js:
(handleGlobalKey): Close the popup by ESC key.
2012-05-01 Noel Gordon <noel.gordon@gmail.com>
PNGImageDecoder: Handle interlace buffer allocation failure
https://bugs.webkit.org/show_bug.cgi?id=85276
Reviewed by Eric Seidel.
No new tests. Not something we can easily test (malloc failure).
* platform/image-decoders/png/PNGImageDecoder.cpp:
(WebCore::PNGImageDecoder::rowAvailable): Check interlace buffer allocations
and bail via longjmp on failure. Note PNG_INTERLACE_ADAM7 is the only libpng
supported interlace type so test for it explicitly.
2012-05-01 Kent Tamura <tkent@chromium.org>
Calendar Picker: Too wide in Japanese locale
https://bugs.webkit.org/show_bug.cgi?id=85331
Reviewed by Kentaro Hara.
No new tests. This is a locale-specific behavior.
* Resources/calendarPicker.js:
(formatJapaneseImperialEra):
Do not show an imperial era later than 平成99年 to avoid very long
year string like "275760年(平成273772年)."
(YearMonthController.prototype.attachTo):
- Respect the maximum year specfied by <input max=...>
If <input max="9999-12-31"> is specified, we don't need to
secure space for the year 275,760.
- Check the width for 平成99年 as well as the maximum year because
"2087年(平成99年)" is usually wider than "275760年".
2012-05-01 Noel Gordon <noel.gordon@gmail.com>
PNGImageDecoder: Add ENABLE(IMAGE_DECODER_DOWN_SAMPLING) guards to rowAvailable
https://bugs.webkit.org/show_bug.cgi?id=85268
Reviewed by Eric Seidel.
PNGImageDecoder supports image downsampling. Add ENABLE guards to show where
downsampling is applied when outputting decoded rows to the frame buffer. Most
ports don't enable the flag: don't penalize them in terms speed in this tight
row pixel write loop. s/y/destY/ to match setRGBA() and amend some comments.
No new tests. No change in behavior.
* platform/image-decoders/png/PNGImageDecoder.cpp:
(WebCore::PNGImageDecoder::rowAvailable):
2012-05-01 Eric Seidel <eric@webkit.org>
Remove uneeded min/max pref width assignment from RenderView
https://bugs.webkit.org/show_bug.cgi?id=85325
Reviewed by Julien Chaffraix.
This code has been with us since the original import from KDE:
http://trac.webkit.org/browser/trunk/WebCore/khtml/rendering/render_root.cpp?annotate=blame&rev=4#L93
It's never been documented, or explained. Removing it showed no
effect on my local layout tests run.
However this code blocks proper implementation of <iframe seamless>
as we have to do proper min/max width negotiation across the iframe boundary.
I would remove the whole function, but doing so opens a whole can of worms
as this override is public, yet normally this function is *private* (well protected on RenderBox).
It seems plausible that frame flattening code needs this override since it doesn't always
call the min/maxPreferredWidth() calls which normally automatically call this compute*
function if the pref-widths are dirty.
Instead of trying to track that all down, I'm just removing this line, and we'll go
back and remove the whole function at a later date if possible.
* rendering/RenderView.cpp:
(WebCore::RenderView::computePreferredLogicalWidths):
2012-05-01 Nate Chapin <japhet@chromium.org>
REGRESSION(r115654): PDFs come up blank
https://bugs.webkit.org/show_bug.cgi?id=85275
Reviewed by Alexey Proskuryakov.
Test: http/tests/loading/pdf-commit-load-callbacks.html
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::finishedLoading): The load needs to be
committed before we call finishedLoading on the
FrameLoaderClient.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::transitionToCommitted): We're guaranteeing
that receivedFirstData() will be called other ways (namely,
DocumentLoader won't finish without doing so). This call now
causes custom representations to double-commit, which is bad.
2012-05-01 Eric Seidel <eric@webkit.org>
Add support for seamless attribute as well as seamless sandbox flag and default CSS styling
https://bugs.webkit.org/show_bug.cgi?id=85302
Reviewed by Ojan Vafai.
This also adds support for the seamless sandbox flag from HTML 5.
The sandbox flag is not speficially overridable in the current HTML5,
but it is set (like all sandbox flags) by default when sandbox is specified.
Unfortunately this support is not yet observable in this patch, as
this patch adds not observable features of seamless.
This patch also adds the html.css additions for seamless, as specified:
http://www.whatwg.org/specs/web-apps/current-work/multipage/rendering.html#replaced-elements
I noticed that my previous testing did not confirm that iframes marked
for seamless (but not possible to display as seamless due to sandbox, etc.)
were still to have this seamless styling. I've added additional testing for this case.
I also added another test for the about:blank FIXME added as part of this change.
In order to support srcdoc w/ seamless, we needed to move the srcdoc determination
sooner in the initSecurityContext function (before the should-inherit early return).
The next patch will make seamless actually observable from JS/DOM, this one
just lays down all the plumbing, and separates the security aspects for
easy review.
Test: fast/frames/seamless/seamless-inherited-origin.html
* css/html.css:
(iframe:not([seamless])):
(iframe[seamless]):
* dom/Document.cpp:
(WebCore::isEligibleForSeamless):
(WebCore):
(WebCore::Document::initSecurityContext):
(WebCore::Document::seamlessParentIFrame):
(WebCore::Document::shouldDisplaySeamlesslyWithParent):
* dom/Document.h:
(WebCore):
(Document):
* dom/SecurityContext.cpp:
(WebCore::SecurityContext::SecurityContext):
* dom/SecurityContext.h:
(WebCore::SecurityContext::mayDisplaySeamlessWithParent):
(SecurityContext):
* html/HTMLAttributeNames.in:
* html/HTMLIFrameElement.cpp:
(WebCore::HTMLIFrameElement::shouldDisplaySeamlessly):
(WebCore):
* html/HTMLIFrameElement.h:
(HTMLIFrameElement):
* html/HTMLIFrameElement.idl:
2012-05-01 Min Qin <qinmin@google.com>
use USE(NATIVE_FULLSCREEN_VIDEO) instead of ENABLE(NATIVE_FULLSCREEN_VIDEO)
https://bugs.webkit.org/show_bug.cgi?id=85316
Reviewed by Kent Tamura.
NATIVE_FULLSCREEN_VIDEO means the fullscreen video is implemented by native
system view instead of webkit.
So it is more appropriate to use USE(NATIVE_FULLSCREEN_VIDEO).
This chagne also disabled the rendering of the fullscreen video element in webkit
when that flag is set.
Just renaming the variable, no new tests.
* dom/Document.cpp:
(WebCore::Document::webkitWillEnterFullScreenForElement):
(WebCore):
* platform/graphics/MediaPlayer.cpp:
(WebCore):
* platform/graphics/MediaPlayer.h:
(MediaPlayer):
* platform/graphics/MediaPlayerPrivate.h:
(MediaPlayerPrivateInterface):
2012-05-01 Jeffrey Pfau <jpfau@apple.com>
<rdar://problem/10422318> Support for web content filter delegate for filtering https content
https://bugs.webkit.org/show_bug.cgi?id=85300
Reviewed by Alexey Proskuryakov.
No new tests.
* WebCore.exp.in:
* loader/MainResourceLoader.cpp:
(WebCore::MainResourceLoader::MainResourceLoader):
(WebCore::MainResourceLoader::~MainResourceLoader):
(WebCore::MainResourceLoader::didCancel):
(WebCore::MainResourceLoader::didReceiveResponse):
(WebCore::MainResourceLoader::didReceiveData):
(WebCore::MainResourceLoader::didFinishLoading):
(WebCore::MainResourceLoader::didFail):
* loader/MainResourceLoader.h:
(MainResourceLoader):
* platform/mac/WebCoreSystemInterface.h:
* platform/mac/WebCoreSystemInterface.mm:
2012-05-01 Kent Tamura <tkent@chromium.org>
Calendar Picker: Add capability to add platform-specific style sheet
https://bugs.webkit.org/show_bug.cgi?id=85272
Reviewed by Kentaro Hara.
Add RenderTheme::extraCalendarPickerStyleSheet(). The resultant string
of the function is inserted into the calendar picker page.
No new tests. Calendar picker apperance is not testable yet.
* Resources/calendarPicker.css: Removed styles for year-month buttons.
* Resources/calendarPickerMac.css:
Moved from calendarPicker.css, and adjust styles so that they look
standard Lion buttons.
(.year-month-button):
(.year-month-button:active):
(.year-month-button:disabled):
* WebCore.gyp/WebCore.gyp: Add a rule to produce CalendarPickerMac.{cpp,h}.
* html/shadow/CalendarPickerElement.cpp:
(WebCore::CalendarPickerElement::writeDocument):
Add extraCalendarPickerStyleSheet() result to the document.
* rendering/RenderTheme.cpp:
(WebCore::RenderTheme::extraCalendarPickerStyleSheet):
Added. Returns an empty CString by default.
* rendering/RenderTheme.h:
(RenderTheme): Added extraCalendarPickerStyleSheet().
* rendering/RenderThemeChromiumMac.h: Added extraCalendarPickerStyleSheet().
* rendering/RenderThemeChromiumMac.mm:
(WebCore::RenderThemeChromiumMac::extraCalendarPickerStyleSheet):
Added. Returns the content of Resources/calendarPickerMac.css.
2012-05-01 James Simonsen <simonjam@chromium.org>
Ensure HTMLElementStack fails gracefully if it has a non-Element.
https://bugs.webkit.org/show_bug.cgi?id=85167
Reviewed by Adam Barth.
Test: Added to html5lib/resources/webkit02.dat
* html/parser/HTMLElementStack.cpp:
(WebCore::HTMLElementStack::oneBelowTop):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processEndTag):
2012-05-01 Ryosuke Niwa <rniwa@webkit.org>
*Command.h files shouldn't be exported to WebKit layer
https://bugs.webkit.org/show_bug.cgi?id=74778
Reviewed by Eric Seidel.
Remove the dependency on *Command.h files from Mac port's WebKit layer.
Also wrapped the call to TypingCommand::insertParagraphSeparatorInQuotedContent in the Editor class
so that we can just expose Editor's method instead of directly exposing the said static method.
* WebCore.exp.in:
* WebCore.xcodeproj/project.pbxproj:
* editing/Editor.h:
(Editor):
* editing/mac/EditorMac.mm:
(WebCore::Editor::insertParagraphSeparatorInQuotedContent):
(WebCore):
2012-05-01 Julien Chaffraix <jchaffraix@webkit.org>
Remove one bit from m_column to pack RenderTableCell bits more
https://bugs.webkit.org/show_bug.cgi?id=85291
Reviewed by Ojan Vafai.
Memory improvement, covered by the existing unit tests.
* rendering/RenderTableCell.cpp:
* rendering/RenderTableCell.h:
Remove one bit from m_column (which should be fine as I wouldn't expect tables above 1 millions
columns to render at all anyway) to pack the bitfields in 32 bits. Re-arranged the bits to have the bigger
bitfield first.
2012-05-01 Anders Carlsson <andersca@apple.com>
Slow scrolling on www.sholby.net
https://bugs.webkit.org/show_bug.cgi?id=85304
<rdar://problem/11138952>
Reviewed by Beth Dakin.
Fix two performance issues that showed up on the profiles.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame):
Reset the relevant painted object counter; it's only interesting when loading.
* page/Page.cpp:
(WebCore::Page::startCountingRelevantRepaintedObjects):
Set m_isCountingRelevantRepaintedObjects to true after calling reset, since reset now sets it to false.
(WebCore::Page::resetRelevantPaintedObjectCounter):
Set m_isCountingRelevantRepaintedObjects to false.
(WebCore::Page::addRelevantRepaintedObject):
Use HashSet::find to avoid an extra hash lookup.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::updateMainFrameScrollPositionAndScrollLayerPosition):
Remove the call to FrameView::updateCompositingLayersAfterLayout now, since FrameView::notifyScrollPositionChanged
already calls this and was making us to a lot of work twice.
2012-05-01 Silvia Pfeiffer <silviapf@chromium.org>
Audio controls have a 1px surplus outline coming from RenderImage::paintReplaced base class,
which needs overwriting.
https://bugs.webkit.org/show_bug.cgi?id=84570
Reviewed by Eric Carlson.
No new tests - covered by existing audio rendering tests.
* rendering/RenderMedia.cpp:
(WebCore::RenderMedia::paintReplaced): Overwrite inherited function.
(WebCore):
* rendering/RenderMedia.h:
(RenderMedia):
2012-05-01 Terry Anderson <tdanderson@chromium.org>
Allow a pre-targeted node to be specified when dispatching a GestureTap event
https://bugs.webkit.org/show_bug.cgi?id=85296
Reviewed by Adam Barth.
https://bugs.webkit.org/show_bug.cgi?id=85101
The new parameter will be used and tested in this patch.
* page/EventHandler.cpp:
(WebCore::EventHandler::handleGestureTap):
The new preTargetedNode parameter can be used to pass in the Node that is
the target of the GestureTap event. If this parameter is used, adjustedPoint
is changed to be the center of the Node's bounding rectangle.
* page/EventHandler.h:
(EventHandler):
2012-05-01 Jessie Berlin <jberlin@apple.com>
Crash calling disconnectFrame on a DOMWindowExtension a second time.
https://bugs.webkit.org/show_bug.cgi?id=85301
Reviewed by Darin Adler.
DOMWindowExtension::disconnectFrame assumed it would only be called when there was a frame
to disconnect. However, DOMWindow's destructor invokes disconnectFrame on all its
DOMWindowProperties, even if it already did so when it entered the page cache.
* page/DOMWindowExtension.cpp:
(WebCore::DOMWindowExtension::disconnectFrame):
Don't do anything if the frame has already been disconnected.
2012-05-01 Aaron Colwell <acolwell@chromium.org>
Temporarily remove webkitSourceAddId() & webkitSourceRemoveId() from DOM
until the rest of the Media Source v0.5 methods are implemented. This is
to prevent ambiguity about whether v0.5 is fully supported or not.
https://bugs.webkit.org/show_bug.cgi?id=85295
Reviewed by Eric Carlson.
No new tests. Removing methods from DOM so relevant tests are removed.
* html/HTMLMediaElement.idl:
2012-05-01 Douglas Stockwell <dstockwell@chromium.org>
IndexedDB: stale index entries may not be removed in some cases
https://bugs.webkit.org/show_bug.cgi?id=85224
Reviewed by Ojan Vafai.
Ensure that stale index entries are removed when the corresponding
object store entry no longer exists.
No new tests. Addresses a performance / storage leak that is
not amenable to verification in a layout test.
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore):
2012-05-01 Igor Oliveira <igor.o@sisa.samsung.com>
Use HashMap<OwnPtr> for CounterMap in RenderCounter
https://bugs.webkit.org/show_bug.cgi?id=85294
Reviewed by Eric Seidel.
* rendering/RenderCounter.cpp:
(WebCore):
(WebCore::makeCounterNode):
(WebCore::RenderCounter::destroyCounterNodes):
2012-05-01 Philip Rogers <pdr@google.com>
Skip building instance tree for disallowed target
https://bugs.webkit.org/show_bug.cgi?id=85202
Reviewed by Nikolas Zimmermann.
When the target of a use is disallowed (e.g., a mask element) we can
skip building the instance tree because the shadow tree will be
skipped as well.
Test: svg/custom/animate-disallowed-mask-element.svg
* svg/SVGUseElement.cpp:
(WebCore::SVGUseElement::buildInstanceTree):
2012-04-29 Nikolas Zimmermann <nzimmermann@rim.com>
Accumulation for values-animation is broken
https://bugs.webkit.org/show_bug.cgi?id=85158
Reviewed by Darin Adler.
Example:
<rect width="999" height="100" fill="green"/>
<animate begin="0s" values="0; 30; 20" accumulate="sum" repeatCount="5" dur="2s"/>
</rect>
The rect should animate like this:
0.000s -> 0
0.500s -> 15
1.000s -> 30
1.500s -> 25
1.999s -> 20
2.000s -> 20 (first accumulation, starts accumulating from the last set value, here '20').
2.500s -> 45
3.000s -> 50
3.500s -> 45
3.999s -> 40
4.000s -> 40 (second accumulation)
etc.
This is currently broken for values-animation. The accumulation should happen after a full cycle of the values animation ran (aka. at the end of the duration).
A values animation works like this: iterate over the list of values, and calculate a 'from' and 'to' value for a given time. Example for values="0; 30; 20" dur="2s":
- 0.0s .. 1.0s -> from=0, to=30
- 1.0s .. 2.0s -> from=30, to=20
Accumulation currently is taken into account at each interval for a values-animation instead of the end of the cycle. Fix that
by passing an additional 'toAtEndOfDuration' type to calculateAnimatedValue() which is used for accumulation instead of the
current 'to' value.
Test: svg/animations/accumulate-values-width-animation.html
* svg/SVGAnimateElement.cpp:
(WebCore::SVGAnimateElement::calculateAnimatedValue):
* svg/SVGAnimateElement.h:
(SVGAnimateElement):
* svg/SVGAnimateMotionElement.cpp:
(WebCore::SVGAnimateMotionElement::calculateAnimatedValue):
* svg/SVGAnimateMotionElement.h:
(SVGAnimateMotionElement):
* svg/SVGAnimatedAngle.cpp:
(WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue):
* svg/SVGAnimatedAngle.h:
(SVGAnimatedAngleAnimator):
* svg/SVGAnimatedBoolean.cpp:
(WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue):
* svg/SVGAnimatedBoolean.h:
(SVGAnimatedBooleanAnimator):
* svg/SVGAnimatedColor.cpp:
(WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue):
* svg/SVGAnimatedColor.h:
(SVGAnimatedColorAnimator):
* svg/SVGAnimatedEnumeration.cpp:
(WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue):
* svg/SVGAnimatedEnumeration.h:
(SVGAnimatedEnumerationAnimator):
* svg/SVGAnimatedInteger.cpp:
(WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedInteger):
(WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedInteger.h:
(SVGAnimatedIntegerAnimator):
* svg/SVGAnimatedIntegerOptionalInteger.cpp:
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedIntegerOptionalInteger.h:
(SVGAnimatedIntegerOptionalIntegerAnimator):
* svg/SVGAnimatedLength.cpp:
(WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLength.h:
(SVGAnimatedLengthAnimator):
* svg/SVGAnimatedLengthList.cpp:
(WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLengthList.h:
(SVGAnimatedLengthListAnimator):
* svg/SVGAnimatedNumber.cpp:
(WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumber.h:
(SVGAnimatedNumberAnimator):
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberList.h:
(SVGAnimatedNumberListAnimator):
* svg/SVGAnimatedNumberOptionalNumber.cpp:
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberOptionalNumber.h:
(SVGAnimatedNumberOptionalNumberAnimator):
* svg/SVGAnimatedPath.cpp:
(WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPath.h:
(SVGAnimatedPathAnimator):
* svg/SVGAnimatedPointList.cpp:
(WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPointList.h:
(SVGAnimatedPointListAnimator):
* svg/SVGAnimatedPreserveAspectRatio.cpp:
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPreserveAspectRatio.h:
(SVGAnimatedPreserveAspectRatioAnimator):
* svg/SVGAnimatedRect.cpp:
(WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue):
* svg/SVGAnimatedRect.h:
(SVGAnimatedRectAnimator):
* svg/SVGAnimatedString.cpp:
(WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue):
* svg/SVGAnimatedString.h:
(SVGAnimatedStringAnimator):
* svg/SVGAnimatedTransformList.cpp:
(WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedTransformList.h:
(SVGAnimatedTransformListAnimator):
* svg/SVGAnimatedTypeAnimator.h:
(SVGAnimatedTypeAnimator):
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::currentValuesForValuesAnimation):
(WebCore::SVGAnimationElement::updateAnimation):
* svg/SVGAnimationElement.h:
(WebCore::SVGAnimationElement::animateAdditiveNumber):
(SVGAnimationElement):
2012-05-01 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=85231
Fixed position objects that are removed from the DOM don't kick off
fixed position recalculation
-and corresponding-
<rdar://problem/11297916>
Reviewed by Darin Adler.
* rendering/RenderBox.cpp:
(WebCore::RenderBox::willBeDestroyed):
2012-05-01 Dana Jansens <danakj@chromium.org>
Early-out for subtracting a non-intersecting region
https://bugs.webkit.org/show_bug.cgi?id=85258
Reviewed by Hajime Morita.
Given regions A and B, if the bounds of the regions do not intersect,
then the regions themselves do not intersect. If the intersection of
A and B is empty, then A subtract B == A.
* platform/graphics/Region.cpp:
(WebCore::Region::subtract):
2012-04-30 Kent Tamura <tkent@chromium.org>
[Chromium/Windows] Add LocalizedDateWin
https://bugs.webkit.org/show_bug.cgi?id=84935
Reviewed by Kentaro Hara.
LocalizedDateICU.cpp doesn't reflect system settings. So there were some
problems such as <input type=date> doesn't use system's date format.
We need to use Windows API to get a date format and calendar parameters.
We obtain a date format like "MM/dd/yy" via Windows API, and
format/parse dates for the format by our own code because Windows API
can't handle years older than 1601 and doesn't have date parsing API.
Unit test: Source/WebKit/chromium/tests/LocaleWinTest.cpp
* WebCore.gypi: Add LocalizedDateWin.cpp.
* WebCore.gyp/WebCore.gyp:
For Windows, remove LocalizedDateICU.cpp and add LocalizedDateWin.cpp.
All of *Win.cpp files are excluded by default.
* platform/text/LocaleWin.cpp: Added.
(WebCore::LocaleWin::LocaleWin):
(WebCore::LocaleWin::create):
(WebCore::LocaleWin::currentLocale):
(WebCore::LocaleWin::~LocaleWin):
(WebCore::LocaleWin::getLocaleInfoString):
A helper function to obtain a string by GetLocaleInfo().
(WebCore::LocaleWin::initializeShortMonthLabels):
Obtain short month names from Windows.
(WebCore::DateFormatToken): A struct to represent a token in a date format.
e.g. A format string "MM/dd/yy" generates five DateFormatToken:
Month2, Literal, Day2, Literal, Year2.
(isEraSymbol): A readability helper function.
(isYearSymbol): ditto.
(isMonthSymbol): ditto.
(isDaySymbol): ditto.
(countContinuousLetters):
(commitLiteralToken): A helper for parseDateFormat().
(parseDateFormat):
Parse a format string, and generate a list of DateFormatToken.
(WebCore::parseNumber): A helper for parseDate().
(WebCore::LocaleWin::parseNumberOrMonth): ditto.
(WebCore::LocaleWin::parseDate):
Parse a user-provided date string by matching with a DateFormatToken list.
(WebCore::appendNumber): A helper for formatDate().
(WebCore::appendTwoDigitsNumber): ditto. Write at least two digits.
(WebCore::appendFourDigitsNumber): ditto. Write at least four digits.
(WebCore::LocaleWin::formatDate):
Format a DateComponents by iterating a DateFormatToken list.
(WebCore::LocaleWin::initializeShortDateTokens):
(WebCore::substituteLabelsIntoFormat):
Creates a user-visible format string by iterating a DateFormatToken list.
(WebCore::LocaleWin::dateFormatText):
(WebCore::LocaleWin::initializeMonthLabels):
Creates month names by Windows API.
(WebCore::LocaleWin::initializeWeekDayShortLabels):
Creates day names by Windows API.
(WebCore::LocaleWin::monthLabels):
Public accessor function for month names.
(WebCore::LocaleWin::weekDayShortLabels):
Public accessor function for day names.
* platform/text/LocaleWin.h: Added.
* platform/text/LocalizedDateWin.cpp:
Added. The following functions simply delegate to LocaleWin::currentLocale().
(WebCore::parseLocalizedDate):
(WebCore::formatLocalizedDate):
(WebCore::localizedDateFormatText):
(WebCore::monthLabels):
(WebCore::weekDayShortLabels):
(WebCore::firstDayOfWeek):
2012-04-30 Kent Tamura <tkent@chromium.org>
REGRESSION(r115600): parseLocalizedDate() should fail for invalid inputs
https://bugs.webkit.org/show_bug.cgi?id=85176
Reviewed by Kentaro Hara.
Test: fast/forms/date/input-date-commit-valid-only.html
* platform/text/mac/LocalizedDateMac.mm:
(WebCore::parseLocalizedDate):
We should check nil for the result of NSDateFormtter::dateFromString.
2012-04-30 Mark Rowe <mrowe@apple.com>
Fix another leak due to misuse of createCFString.
Reviewed by Darin Adler.
* plugins/mac/PluginPackageMac.cpp:
(WebCore::PluginPackage::fetchInfo): Adopt the result of createCFString.
2012-04-30 Mark Rowe <mrowe@apple.com>
<rdar://problem/11312198> Many leaks during fast/events/dropzone-002.html
Reviewed by Darin Adler.
* platform/mac/ClipboardMac.mm:
(WebCore::utiTypeFromCocoaType): Adopt the result of createCFString.
2012-04-30 Mark Rowe <mrowe@apple.com>
<rdar://problem/11352575> Many CGImageRefs leaked during media layout tests
Reviewed by Brian Weinstein.
* platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
(WebCore::MediaPlayerPrivateAVFoundationObjC::createImageForTimeInRect): Adopt the CGImageRef.
2012-04-30 Emil A Eklund <eae@chromium.org>
Change RenderBoxModelObject::calculateBackgroundImageGeometry to use roundToInt
https://bugs.webkit.org/show_bug.cgi?id=85249
Reviewed by Eric Seidel.
Prepare RenderBoxModelObject for FractionalLayoutUnits by adding rounding
logic to calculateBackgroundImageGeometry. Background images, as all
images, needs to be layed out on pixel boundaries thus we need to convert
it to a integer value.
No new tests, no change in functionality.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::calculateBackgroundImageGeometry):
2012-04-30 Ilya Sherman <isherman@chromium.org>
Unreviewed, rolling out r113511.
http://trac.webkit.org/changeset/113511https://bugs.webkit.org/show_bug.cgi?id=66032https://bugs.webkit.org/show_bug.cgi?id=85150
Regression: Many autofilled form fields lack the default
autofill background even when authors don’t override the
autofill colors
* css/html.css:
(input:-webkit-autofill): Restore !important modifiers
2012-04-30 Julien Chaffraix <jchaffraix@webkit.org>
Move RenderTableCell's row index to RenderTableRow
https://bugs.webkit.org/show_bug.cgi?id=85229
Reviewed by Ojan Vafai.
Covered by the existing table tests.
Row index is a RenderTableRow concept and as such this change moves
the relevant logic into the class.
While touching the code, renamed row() -> rowIndex() as now RenderTableCell
can return its parent RenderTableRow and we were returning an index, not the row
itself.
* accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::cellForColumnAndRow):
* accessibility/AccessibilityTableCell.cpp:
(WebCore::AccessibilityTableCell::rowIndexRange):
(WebCore::AccessibilityTableCell::titleUIElement):
* rendering/RenderTable.cpp:
(WebCore::RenderTable::cellAbove):
(WebCore::RenderTable::cellBelow):
(WebCore::RenderTable::cellBefore):
(WebCore::RenderTable::cellAfter):
* rendering/RenderTreeAsText.cpp:
(WebCore::RenderTreeAsText::writeRenderObject):
Updated after the renaming RenderTableCell::row() -> rowIndex().
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::RenderTableCell):
(WebCore::RenderTableCell::computeCollapsedBeforeBorder):
(WebCore::RenderTableCell::computeCollapsedAfterBorder):
Updated after m_rowIndex removal and row() -> rowIndex() renaming.
(WebCore::RenderTableCell::styleDidChange):
Switched the rowWasSet check to an ASSERT. The new logic guarantees that
row index was set straight when we insert the row. The previous logic was
opened to some race conditions as we could wait for a recalcCells call before
setting the index on the rows which made this check necessary.
* rendering/RenderTableCell.h:
(WebCore::RenderTableCell::row):
Added this RenderTableRow getter.
(WebCore::RenderTableCell::rowIndex):
Renamed from row().
* rendering/RenderTableRow.cpp:
(WebCore::RenderTableRow::RenderTableRow):
(WebCore::RenderTableRow::styleDidChange):
Updated after adding m_rowIndex / rowIndex().
* rendering/RenderTableRow.h:
(WebCore::RenderTableRow::setRowIndex):
(WebCore::RenderTableRow::rowIndex):
Added those getter / setter. Also kept m_rowIndex's smaller size
for future optimization and for symmetry with the column index on
RenderTableCell.
* rendering/RenderTableSection.cpp:
(WebCore::RenderTableSection::addChild):
(WebCore::RenderTableSection::recalcCells):
Made sure that whenever we insert or update our row index
we do call setRowIndex().
(WebCore::RenderTableSection::addCell):
This logic now doesn't need to query insertionRow as the cell's
should have the index of the row in which it is inserted.
(WebCore::RenderTableSection::calcRowLogicalHeight):
(WebCore::RenderTableSection::layoutRows):
(WebCore::compareCellPositionsWithOverflowingCells):
More updates after row() -> rowIndex() renaming.
* rendering/RenderTableSection.h:
Removed rowIndexForRenderer now that the row caches this informatin.
2012-04-30 Keishi Hattori <keishi@webkit.org>
datalist: Inconsistent behavior of HTMLInputElement::list
https://bugs.webkit.org/show_bug.cgi?id=84351
Each platform will have a different set of input types that support the datalist UI.
This patch makes shouldRespectListAttribute ask the RenderTheme if it supports datalist UI for that input type.
Thus making it possible to do feature detection with JS.
Reviewed by Kent Tamura.
* WebCore.gypi: Added RenderThemeChromiumCommon.{cpp,h}
* html/ColorInputType.cpp:
(WebCore::ColorInputType::shouldRespectListAttribute):
(WebCore):
* html/ColorInputType.h:
(ColorInputType):
* html/InputType.cpp:
(WebCore::InputType::themeSupportsDataListUI): Static method used by TextFieldInputType, RangeInputType, and ColorInputType.
(WebCore):
* html/InputType.h:
(InputType):
* html/RangeInputType.cpp:
(WebCore::RangeInputType::shouldRespectListAttribute):
* html/TextFieldInputType.cpp:
(WebCore::TextFieldInputType::shouldRespectListAttribute):
* rendering/RenderTheme.h:
(RenderTheme):
(WebCore::RenderTheme::supportsDataListUI): Returns true if the platform can show the datalist suggestions for a given input type.
* rendering/RenderThemeChromiumCommon.cpp: Added.
(WebCore):
(WebCore::RenderThemeChromiumCommon::supportsDataListUI):
* rendering/RenderThemeChromiumCommon.h: Added.
(WebCore):
(RenderThemeChromiumCommon):
* rendering/RenderThemeChromiumMac.h:
(RenderThemeChromiumMac):
* rendering/RenderThemeChromiumMac.mm:
(WebCore::RenderThemeChromiumMac::supportsDataListUI):
(WebCore):
* rendering/RenderThemeChromiumSkia.cpp:
(WebCore::RenderThemeChromiumMac::supportsDataListUI):
(WebCore):
* rendering/RenderThemeChromiumSkia.h:
(RenderThemeChromiumSkia):
2012-04-30 Levi Weintraub <leviw@chromium.org>
RenderObject incorrectly lists maximalOutlineSize as a LayoutUnit
https://bugs.webkit.org/show_bug.cgi?id=85248
Reviewed by Eric Seidel.
Reverting RenderObject::maximalOutlineSize to int. This is a slop value for repaint
rects that doesn't affect layout. It also derives its value from RenderView's function
of the same name, which is already an integer.
No new tests. No change in behavior.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::maximalOutlineSize):
* rendering/RenderObject.h:
(RenderObject):
2012-04-30 Xingnan Wang <xingnan.wang@intel.com>
Add multichannel support for input of JavaScriptAudioNode
https://bugs.webkit.org/show_bug.cgi?id=84687
Reviewed by Chris Rogers.
Tests: webaudio/javascriptaudionode-downmix8-2channel-input.html
webaudio/javascriptaudionode-upmix2-8channel-input.html
* Modules/webaudio/JavaScriptAudioNode.cpp:
(WebCore::JavaScriptAudioNode::create):
(WebCore::JavaScriptAudioNode::JavaScriptAudioNode):
(WebCore::JavaScriptAudioNode::initialize):
(WebCore::JavaScriptAudioNode::process):
* Modules/webaudio/JavaScriptAudioNode.h:
(JavaScriptAudioNode):
2012-04-30 Oliver Hunt <oliver@apple.com>
Harden arithmetic in ImageBufferDataCG
https://bugs.webkit.org/show_bug.cgi?id=61373
Reviewed by Gavin Barraclough.
We have a checked type that allows us to automate many of the
bounds checks we want here, so let's replace the floating point
math, and just use Checked<> throughout. We use a non-recording
Checked<> as no overflows should reach this point, so we'll take
a hard early failure, over the cost of many branches when
accessing the raw values in loops.
* platform/graphics/cg/ImageBufferDataCG.cpp:
(WebCore::ImageBufferData::getData):
(WebCore::ImageBufferData::putData):
2012-04-30 Levi Weintraub <leviw@chromium.org>
Add absoluteValue method for LayoutUnits to allow overloading abs()
https://bugs.webkit.org/show_bug.cgi?id=85214
Reviewed by Eric Seidel.
Adding an absoluteValue free inline function that operates on LayoutUnits, which
allows us to have one function signature for ints or FractionalLayoutUnits. We
can't simply add a FractionalLayoutUnit flavor of abs because it confuses
some compilers due to the implicit FractionalLayoutUnit constructors that take
ints and floats.
No new tests. No change in behavior.
* page/SpatialNavigation.cpp:
(WebCore::distanceDataForNode):
* rendering/LayoutTypes.h:
(WebCore::absoluteValue):
(WebCore):
* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlock::checkPaginationAndFloatsAtEndLine):
* rendering/RenderLineBoxList.cpp:
(WebCore::RenderLineBoxList::rangeIntersectsRect):
* rendering/RenderObject.cpp:
(WebCore::RenderObject::repaintAfterLayoutIfNeeded):
2012-04-30 Levi Weintraub <leviw@chromium.org>
Update LayoutUnit usage in InlineFlowBox and RenderWidget
https://bugs.webkit.org/show_bug.cgi?id=85239
Reviewed by Eric Seidel.
Updating LayoutUnit usage in a pair of remaining functions to minimize the remaining work to switching
to FractionalLayoutUnits for layout instead of integers.
No new tests. No change in behavior.
* rendering/InlineFlowBox.cpp:
(WebCore::InlineFlowBox::placeBoxesInBlockDirection): Though stored as a float, the top is always
set to an integer value. When we move to sub-pixel, we need to preserve this. Not preserving this
behavior affects text decorations, most notably underlines.
* rendering/RenderWidget.cpp:
(WebCore::RenderWidget::updateWidgetGeometry): Adding pixel snapping for the content box if it's
not transformed (absoluteContentBox includes pixel snapping), and properly treating the boundingBox
as an IntRect.
2012-04-30 Levi Weintraub <leviw@chromium.org>
Prepare RenderDeprecatedFlexibleBox for sub-pixel layout
https://bugs.webkit.org/show_bug.cgi?id=85217
Reviewed by Eric Seidel.
Bailing from the space distribution loop in layoutHorizontal/VerticalBox when
the remaining space falls below one pixel. This has no effect in whole-pixel
layout, but avoids unnecessary work/infinite loops in the sub-pixel case.
No new tests. No change in behavior.
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
(WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
2012-04-30 Ryosuke Niwa <rniwa@webkit.org>
NULL ptr in WebCore::Range::getBorderAndTextQuads
https://bugs.webkit.org/show_bug.cgi?id=77218
Reviewed by Eric Seidel.
The crash was caused by a malformed range obtained within an event handler of mutation events
(DOMNodeRemovedFromDocument). Because this range wasn't updated per node removal, range functions
end up not behaving well.
Fixed the bug by changing the order of the notifications in ContainerNode::willRemoveChild.
We now fire mutation events first before updating ranges so that any range created inside those
event handlers can also be updated prior to the actual node removal.
Test: fast/dom/Range/range-created-in-mutation-event-crash.xhtml
* dom/ContainerNode.cpp:
(WebCore::willRemoveChild):
2012-04-30 Anders Carlsson <andersca@apple.com>
ScrollingCoordinator::requestScrollPositionUpdate should not update the main frame scroll position
https://bugs.webkit.org/show_bug.cgi?id=85240
<rdar://problem/11286609>
Reviewed by Sam Weinig.
The call to updateMainFrameScrollPosition was added to make the WebKit2 find overlay work, since it relies
on scroll position updates being synchronous. Change the find code in WebKit2 to handle asynchronous scroll
position updates and remove the call to updateMainFrameScrollPosition.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::requestScrollPositionUpdate):
2012-04-30 Anders Carlsson <andersca@apple.com>
Add a way to asynchronously call a function once the scroll position of a page has been updated
https://bugs.webkit.org/show_bug.cgi?id=85237
Reviewed by Sam Weinig.
* WebCore.exp.in:
Export functions needed by WebKit2.
* page/scrolling/ScrollingCoordinator.h:
Make commitTreeStateIfNeeded public.
2012-04-30 Kentaro Hara <haraken@chromium.org>
WebGLRenderingContext methods should throw TypeError for not enough arguments
https://bugs.webkit.org/show_bug.cgi?id=84787
Reviewed by Kenneth Russell.
Currently, WebGLRenderingcontext methods implement
"Not enough arguments" error as SyntaxError. The Web IDL
spec requires that it should be TypeError:
http://www.w3.org/TR/WebIDL/#dfn-overload-resolution-algorithm
This patch changes SyntaxError to TypeError.
I wanted to confirm the behavior of Firefox and Opera,
but they do not implement WebGL yet.
Test: fast/canvas/webgl/webgl-exceptions.html
* bindings/js/JSWebGLRenderingContextCustom.cpp:
(WebCore::getObjectParameter):
(WebCore::JSWebGLRenderingContext::getAttachedShaders):
(WebCore::JSWebGLRenderingContext::getExtension):
(WebCore::JSWebGLRenderingContext::getFramebufferAttachmentParameter):
(WebCore::JSWebGLRenderingContext::getParameter):
(WebCore::JSWebGLRenderingContext::getProgramParameter):
(WebCore::JSWebGLRenderingContext::getShaderParameter):
(WebCore::JSWebGLRenderingContext::getUniform):
(WebCore::dataFunctionf):
(WebCore::dataFunctioni):
(WebCore::dataFunctionMatrix):
* bindings/v8/custom/V8WebGLRenderingContextCustom.cpp:
(WebCore::getObjectParameter):
(WebCore::V8WebGLRenderingContext::getAttachedShadersCallback):
(WebCore::V8WebGLRenderingContext::getExtensionCallback):
(WebCore::V8WebGLRenderingContext::getFramebufferAttachmentParameterCallback):
(WebCore::V8WebGLRenderingContext::getParameterCallback):
(WebCore::V8WebGLRenderingContext::getProgramParameterCallback):
(WebCore::V8WebGLRenderingContext::getShaderParameterCallback):
(WebCore::V8WebGLRenderingContext::getUniformCallback):
(WebCore::vertexAttribAndUniformHelperf):
(WebCore::uniformHelperi):
(WebCore::uniformMatrixHelper):
2012-04-30 Emil A Eklund <eae@chromium.org>
[gtk, qt, chromium, win] Fix usage of LayoutUnits and rounding in platform code
https://bugs.webkit.org/show_bug.cgi?id=85222
Reviewed by Eric Seidel.
Update platform code to use the pixel snapped values for painting rects
to line up with device pixels and change platform specific hit testing
code to use roundedPoint as hit testing is still mostly done on integer
bounds.
No new tests, no change in functionality.
* platform/qt/RenderThemeQt.cpp:
(WebCore::RenderThemeQt::paintMediaVolumeSliderTrack):
* platform/win/PopupMenuWin.cpp:
(WebCore::PopupMenuWin::paint):
* rendering/RenderThemeChromiumSkia.cpp:
(WebCore::RenderThemeChromiumSkia::paintSearchFieldCancelButton):
(WebCore::RenderThemeChromiumSkia::paintSearchFieldResultsDecoration):
(WebCore::RenderThemeChromiumSkia::paintSearchFieldResultsButton):
2012-04-30 Kentaro Hara <haraken@chromium.org>
[V8][JSC] Remove hard-coded "Not enough arguments" errors
https://bugs.webkit.org/show_bug.cgi?id=85207
Reviewed by Sam Weinig.
In bug 85022 and bug 85097, we implemented
createNotEnoughArgumentsError() in JSC and
V8Proxy::throwNotEnoughArgumentsError() in V8 and partially
removed hard-coded "Not enough arguments" errors.
This patch removes hard-coded "Not enough arguments"
errors by using the helper methods.
No tests. No change in behavior.
* bindings/js/JSAudioContextCustom.cpp:
(WebCore::JSAudioContextConstructor::constructJSAudioContext):
* bindings/js/JSSVGLengthCustom.cpp:
(WebCore::JSSVGLength::convertToSpecifiedUnits):
* bindings/js/JSWebSocketCustom.cpp:
(WebCore::JSWebSocketConstructor::constructJSWebSocket):
(WebCore::JSWebSocket::send):
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::open):
* bindings/v8/ScriptController.cpp:
(WebCore::setValueAndClosePopupCallback):
* bindings/v8/custom/V8AudioContextCustom.cpp:
(WebCore::V8AudioContext::constructorCallback):
* bindings/v8/custom/V8SVGLengthCustom.cpp:
(WebCore::V8SVGLength::convertToSpecifiedUnitsCallback):
* bindings/v8/custom/V8WebSocketCustom.cpp:
(WebCore::V8WebSocket::constructorCallback):
(WebCore::V8WebSocket::sendCallback):
* bindings/v8/custom/V8XMLHttpRequestCustom.cpp:
(WebCore::V8XMLHttpRequest::openCallback):
2012-04-30 Benjamin Poulain <benjamin@webkit.org>
Add String::startsWith() and endsWith() for string literals
https://bugs.webkit.org/show_bug.cgi?id=85154
Reviewed by Darin Adler.
Update WebCore to use the simpler startsWith() and endsWith() taking
a UChar.
* css/CSSParser.cpp:
(WebCore::CSSParser::markPropertyEnd):
* css/WebKitCSSKeyframeRule.cpp:
(WebCore::StyleKeyframe::parseKeyString):
* editing/markup.cpp:
(WebCore::createFragmentFromText):
* html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
* html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::setInnerTextValue):
* inspector/ContentSearchUtils.cpp:
(WebCore::ContentSearchUtils::getRegularExpressionMatchesByLines):
* inspector/InspectorCSSAgent.cpp:
(WebCore::InspectorCSSAgent::SetPropertyTextAction::redo):
* loader/MainResourceLoader.cpp:
(WebCore::MainResourceLoader::substituteMIMETypeFromPluginDatabase):
* loader/appcache/ManifestParser.cpp:
(WebCore::parseManifest):
* platform/blackberry/CookieManager.cpp:
(WebCore::CookieManager::shouldRejectForSecurityReason):
* platform/posix/FileSystemPOSIX.cpp:
(WebCore::pathByAppendingComponent):
* plugins/PluginDatabase.cpp:
(WebCore::PluginDatabase::findPlugin):
* svg/SVGStopElement.cpp:
(WebCore::SVGStopElement::parseAttribute):
* svg/animation/SVGSMILElement.cpp:
(WebCore::SVGSMILElement::parseOffsetValue):
(WebCore::SVGSMILElement::parseCondition):
2012-04-30 Abhishek Arya <inferno@chromium.org>
Remove positioned float code.
https://bugs.webkit.org/show_bug.cgi?id=84795
Reviewed by Dan Bernstein.
Backout r92004 and some pieces from r91702.
Test: fast/block/float/positioned-float-crash.html
* css/CSSParser.cpp:
(WebCore::isValidKeywordPropertyAndValue):
* css/CSSPrimitiveValueMappings.h:
(WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
(WebCore::CSSPrimitiveValue::operator EFloat):
* css/CSSValueKeywords.in:
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::RenderBlock):
(WebCore::RenderBlock::layoutBlock):
(WebCore::RenderBlock::addOverflowFromFloats):
(WebCore::RenderBlock::layoutBlockChild):
(WebCore::RenderBlock::simplifiedLayout):
(WebCore::RenderBlock::layoutPositionedObjects):
(WebCore::RenderBlock::insertFloatingObject):
(WebCore::RenderBlock::positionNewFloats):
(WebCore::RenderBlock::clearFloats):
(WebCore::RenderBlock::FloatingObjects::clear):
(WebCore::RenderBlock::FloatingObjects::increaseObjectsCount):
(WebCore::RenderBlock::FloatingObjects::decreaseObjectsCount):
* rendering/RenderBlock.h:
(RenderBlock):
(WebCore::RenderBlock::forceLayoutInlineChildren):
(FloatingObject):
(WebCore::RenderBlock::FloatingObject::FloatingObject):
(WebCore::RenderBlock::hasOverhangingFloats):
(WebCore::RenderBlock::FloatingObjects::FloatingObjects):
(FloatingObjects):
* rendering/RenderBox.cpp:
(WebCore::RenderBox::updateBoxModelInfoFromStyle):
* rendering/RenderDeprecatedFlexibleBox.cpp:
(WebCore::RenderDeprecatedFlexibleBox::layoutBlock):
* rendering/RenderDeprecatedFlexibleBox.h:
(RenderDeprecatedFlexibleBox):
* rendering/RenderFlexibleBox.cpp:
(WebCore::RenderFlexibleBox::layoutBlock):
* rendering/RenderFlexibleBox.h:
(RenderFlexibleBox):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateScrollbarsAfterLayout):
* rendering/style/RenderStyleConstants.h:
2012-04-29 Sam Weinig <sam@webkit.org>
Remove BlobBuilder
https://bugs.webkit.org/show_bug.cgi?id=84036
Reviewed by Anders Carlsson.
* GNUmakefile.am:
* fileapi/WebKitBlobBuilder.idl:
* page/DOMWindow.idl:
* workers/WorkerContext.idl:
Make exposing the WebKitBlobBuilder JS object conditional on a new
ENABLE_LEGACY_WEBKIT_BLOB_BUILDER flag. Don't enable this for the Mac,
but do for everyone else.
2012-04-30 Anders Carlsson <andersca@apple.com>
Add a barrier-style dispatch member function to ScrollingThread
https://bugs.webkit.org/show_bug.cgi?id=85228
Reviewed by Sam Weinig.
Add a ScrollingThread::dispatchBarrier function which takes a WTF::Function and dispatches it to the main thread
once all the currently scheduled scrolling thread functions have run. This is to be used for synchronization between the
scrolling thread and the main thread.
* page/scrolling/ScrollingThread.cpp:
(WebCore::callFunctionOnMainThread):
(WebCore):
(WebCore::ScrollingThread::dispatchBarrier):
* page/scrolling/ScrollingThread.h:
(ScrollingThread):
2012-04-30 Min Qin <qinmin@google.com>
Expose a flag so that fullscreen video on android can work with FULLSCREEN_API
https://bugs.webkit.org/show_bug.cgi?id=84414
Reviewed by Darin Fisher.
No tests, just exposing the flag, and will be used by android later.
Sorry, there is a merge error during the previous commit, resolved now
* platform/graphics/MediaPlayer.cpp:
(WebCore::MediaPlayer::setControls):
(WebCore):
(WebCore::MediaPlayer::enterFullscreen):
(WebCore::MediaPlayer::exitFullscreen):
* platform/graphics/MediaPlayer.h:
(MediaPlayer):
* platform/graphics/MediaPlayerPrivate.h:
(MediaPlayerPrivateInterface):
(WebCore::MediaPlayerPrivateInterface::enterFullscreen):
2012-04-30 Nate Chapin <japhet@chromium.org>
Move more of committing and starting to write a Document
to DocumentLoader.
https://bugs.webkit.org/show_bug.cgi?id=83908
Reviewed by Adam Barth.
No new tests, refactor only.
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::commitIfReady): Ignore m_gotFirstByte here, since
it was always true here anyway.
(WebCore::DocumentLoader::finishedLoading): If we are finishing an empty
document, create the document now, so that FrameLoaderClient doesn't
have to do it later (FrameLoaderClient code will be removed in a later
patch).
(WebCore::DocumentLoader::commitData): Call receivedFirstData() directly and
do some work receivedFirstData() used to do, setEncoding() only once per
load.
(WebCore::DocumentLoader::receivedData):
(WebCore::DocumentLoader::maybeCreateArchive):
* loader/DocumentLoader.h:
* loader/DocumentWriter.cpp:
(WebCore::DocumentWriter::setEncoding):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::receivedFirstData): Move DocumentLoader calls
to DocumentLoader.
* loader/FrameLoader.h: Remove m_hasReceivedFirstData and willSetEncoding(),
allow hasReceivedData() to be called directly.
(FrameLoader):
2012-04-30 Kentaro Hara <haraken@chromium.org>
Unreviewed. Fix test crashes in Win/Linux debug builds.
* bindings/v8/V8LazyEventListener.cpp:
(WebCore::V8LazyEventListener::V8LazyEventListener):
(WebCore::V8LazyEventListener::prepareListenerObject):
* bindings/v8/V8LazyEventListener.h:
(V8LazyEventListener):
2012-04-30 Tommy Widenflycht <tommyw@google.com>
MediaStream API: Change LocalMediaStream::stop to be synchronous
https://bugs.webkit.org/show_bug.cgi?id=84942
Reviewed by Dimitri Glazkov.
Since I changed LocalMediaStream to be a ActiveDOMObject recently the stop()
behaviour needs to change since it is no longer a good idea to start a timer when called.
Not possible to write a test for this.
* Modules/mediastream/LocalMediaStream.cpp:
(WebCore::LocalMediaStream::LocalMediaStream):
(WebCore::LocalMediaStream::stop):
* Modules/mediastream/LocalMediaStream.h:
(LocalMediaStream):
2012-04-28 Emil A Eklund <eae@chromium.org> and Levi Weintraub <leviw@chromium.org>
Add ENABLE_SUBPIXEL_LAYOUT controlling FractionalLayoutUnit denominator
https://bugs.webkit.org/show_bug.cgi?id=85146
Reviewed by Eric Seidel.
Add a new flag for controlling the fixed point denominator in
FractionalLayoutUnit. Controls whether the denominator is set to 60 or 1.
Until we change the LayoutUnit typedef this change will have no effect.
No new tests, no change in functionality.
* platform/FractionalLayoutUnit.h:
(WebCore):
(WebCore::FractionalLayoutUnit::operator++):
(WebCore::operator/):
(WebCore::operator+):
Add ++, / double and and + double operators. These are needed when
ENABLE_SUBPIXEL_LAYOUT is not enabled.
* platform/graphics/FractionalLayoutRect.cpp:
(WebCore::enclosingFractionalLayoutRect):
2012-04-30 Justin Schuh <jschuh@chromium.org>
loadOrRedirectSubframe should return the owner element's frame
https://bugs.webkit.org/show_bug.cgi?id=84780
Reviewed by Nate Chapin.
Test: fast/loader/javascript-url-iframe-remove-on-navigate.html
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadOrRedirectSubframe):
2012-04-30 Caio Marcelo de Oliveira Filho <caio.oliveira@openbossa.org>
Use Vector<Attribute> directly instead of encapsulating it in AttributeVector
https://bugs.webkit.org/show_bug.cgi?id=84413
Reviewed by Andreas Kling.
As commented in https://bugs.webkit.org/show_bug.cgi?id=79963#c16 we do not
usually subclass basic types like Vector. This patch changes code to use
Vector<Attribute> directly and move around the functionality of the former
methods to more specific helper functions or inline code at the callers.
* dom/Element.cpp:
(WebCore::Element::parserSetAttributes):
(WebCore::Element::normalizeAttributes):
* dom/Element.h:
(Element):
* dom/ElementAttributeData.cpp:
* dom/ElementAttributeData.h:
(WebCore::findAttributeInVector):
(WebCore::ElementAttributeData::getAttributeItem):
(ElementAttributeData):
(WebCore::ElementAttributeData::attributeVector):
(WebCore::ElementAttributeData::clonedAttributeVector):
(WebCore::ElementAttributeData::getAttributeItemIndex):
(WebCore):
* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::createHTMLElementFromSavedElement):
* html/parser/HTMLToken.h:
(WebCore::AtomicHTMLToken::AtomicHTMLToken):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processFakeStartTag):
(WebCore::HTMLTreeBuilder::attributesForIsindexInput): Loop through the attributes
backwards so we can remove items without affecting the rest of the loop run.
* html/parser/HTMLTreeBuilder.h:
* html/parser/TextDocumentParser.cpp:
(WebCore::TextDocumentParser::insertFakePreElement):
* xml/XMLErrors.cpp:
(WebCore::createXHTMLParserErrorHeader):
(WebCore::XMLErrors::insertErrorMessageBlock):
* xml/parser/MarkupTokenBase.h:
(WebCore::AtomicMarkupTokenBase::AtomicMarkupTokenBase):
(WebCore::AtomicMarkupTokenBase::getAttributeItem):
(WebCore::AtomicMarkupTokenBase::attributes):
(AtomicMarkupTokenBase):
(WebCore::::initializeAttributes):
* xml/parser/XMLToken.h:
(WebCore::AtomicXMLToken::AtomicXMLToken):
2012-04-30 Mark Pilgrim <pilgrim@chromium.org>
[Chromium] Remove PlatformSupport::loadPlatformAudioResource, call loadResource directly
https://bugs.webkit.org/show_bug.cgi?id=85193
Reviewed by Kentaro Hara.
Part of a refactoring series. See tracking bug 82948.
* platform/audio/chromium/AudioBusChromium.cpp:
(WebCore::AudioBus::loadPlatformResource):
* platform/chromium/PlatformSupport.h:
(PlatformSupport):
2012-04-30 Mark Pilgrim <pilgrim@chromium.org>
[Chromium] Call defaultLocale directly
https://bugs.webkit.org/show_bug.cgi?id=85192
Reviewed by Kentaro Hara.
Part of a refactoring series. See tracking bug 82948.
* platform/chromium/LanguageChromium.cpp:
(WebCore::platformLanguage):
* platform/chromium/PlatformSupport.h:
(PlatformSupport):
2012-04-30 Beth Dakin <bdakin@apple.com>
https://bugs.webkit.org/show_bug.cgi?id=82922
border-image with image-set does not render correctly when viewed at
2x
-and corresponding-
<rdar://problem/11167820>
Reviewed by Dan Bernstein.
StyleImage::computeIntrinsicDimensions() is only called from one
place: RenderBoxModelObject::calculateIntrinsicDimensions(), and that
is only used for background images and border images. In my original
image-set work, I decided that
StyleCachedImageSet::computeIntrinsicDimensions() would compute
"intrinsic" dimensions, meaning that they would compute the dimensions
that the image resource was pretending to be rather than the actual
dimensions of the resource. I chose to do this because it made
background images work great without changing the call-site. But border
images need to know the actual intrinsic dimensions, so this design
decision (which was admittedly questionable from the start) won't
stick.
This patch makes StyleImage::computeIntrinsicDimensions() return
actual intrinsic dimensions. Then the border-image and background-
image code is very lightly patched to account for the image's scale
factor.
These functions no longer need the scale factor parameter.
* loader/cache/CachedImage.cpp:
(WebCore::CachedImage::computeIntrinsicDimensions):
* loader/cache/CachedImage.h:
(CachedImage):
* platform/graphics/GeneratedImage.h:
(GeneratedImage):
* platform/graphics/GeneratorGeneratedImage.cpp:
(WebCore::GeneratedImage::computeIntrinsicDimensions):
* platform/graphics/Image.cpp:
(WebCore::Image::computeIntrinsicDimensions):
* platform/graphics/Image.h:
(Image):
* platform/graphics/cg/PDFDocumentImage.cpp:
(WebCore::PDFDocumentImage::computeIntrinsicDimensions):
* platform/graphics/cg/PDFDocumentImage.h:
(PDFDocumentImage):
* svg/graphics/SVGImage.cpp:
(WebCore::SVGImage::computeIntrinsicDimensions):
* svg/graphics/SVGImage.h:
(SVGImage):
* rendering/style/StyleCachedImageSet.cpp:
(WebCore::StyleCachedImageSet::computeIntrinsicDimensions):
New function on StyleImage returns the image's scale factor.
* rendering/style/StyleCachedImageSet.h:
(WebCore::StyleCachedImageSet::imageScaleFactor):
* rendering/style/StyleImage.h:
(WebCore::StyleImage::imageScaleFactor):
Scale the intrinsic size of the background image down by the scale
factor.
* rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::calculateFillTileSize):
Slices should be multiplied by the image's scale factor since they are
always expected to the specified in the 1x image's coordinate space.
(WebCore::RenderBoxModelObject::paintNinePieceImage):
2012-04-30 Arko Saha <arko@motorola.com>
Remove custom bindings code in JSHTMLCollectionCustom.cpp for HTMLPropertiesCollection.
https://bugs.webkit.org/show_bug.cgi?id=85172
Reviewed by Kentaro Hara.
Use [JSGenerateToJSObject] in HTMLPropertiesCollection.idl, so that it can generate toJS()
in JSHTMLPropertiesCollection.cpp automatically.
* bindings/js/JSHTMLCollectionCustom.cpp:
(WebCore::toJS):
* html/HTMLPropertiesCollection.idl:
2012-04-30 No'am Rosenthal <noam.rosenthal@nokia.com>
[Texmap] TextureMapperLayer uses intermediate surfaces too eagerly
https://bugs.webkit.org/show_bug.cgi?id=85103
Reviewed by Kenneth Rohde Christiansen.
Instead of automatically using an intermediate surface for layers with opacity and
children, we limit surface usage for layers with more than one child and for layers with
one child and contents of its own.
This prevents us from using intermediate surfaces in cases where a single layer with
opacity has a single descendant with content, in which case normal blending can be used.
Covered by existing compositing layout tests.
* platform/graphics/texmap/TextureMapperLayer.cpp:
(WebCore):
* platform/graphics/texmap/TextureMapperLayer.h:
2012-04-30 Yi Shen <yi.4.shen@nokia.com>
Inserting a paragraph between quoted lines in editing/deleting/delete-4038408-fix.html doesn't work
https://bugs.webkit.org/show_bug.cgi?id=78193
Reviewed by Ryosuke Niwa.
When pasting a copied portion of a blockquote with a newline at the end into an unquoted area,
the newline is inserted after the blockquote since we don't want it also to be quoted. However,
this behavior has also applied when we insert a paragraph between quoted lines, which is incorrect.
To figure out the right place to insert a paragraph, we need providing more information to the
InsertParagraphSeparatorCommand by introducing a boolean parameter "pasteBlockqutoeIntoUnquotedArea".
Tests: editing/inserting/insert-paragraph-separator-in-blockquote.html
editing/pasteboard/paste-wrapped-blockquote-into-nonblockquote.html
* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::insertParagraphSeparator):
* editing/CompositeEditCommand.h:
(CompositeEditCommand):
* editing/InsertParagraphSeparatorCommand.cpp:
(WebCore::InsertParagraphSeparatorCommand::InsertParagraphSeparatorCommand):
(WebCore::InsertParagraphSeparatorCommand::doApply):
* editing/InsertParagraphSeparatorCommand.h:
(WebCore::InsertParagraphSeparatorCommand::create):
(InsertParagraphSeparatorCommand):
* editing/ReplaceSelectionCommand.cpp:
(WebCore::ReplaceSelectionCommand::doApply):
2012-04-30 Antti Koivisto <antti@apple.com>
Protect current element in HTMLLinkElement::setCSSStyleSheet
https://bugs.webkit.org/show_bug.cgi?id=85166
Reviewed by Andreas Kling.
Stylesheet loading can trigger script execution.
Test: fast/css/cached-sheet-restore-crash.html
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::setCSSStyleSheet):
2012-04-29 Keishi Hattori <keishi@webkit.org>
Build fix for LocalizedDateMac.mm
https://bugs.webkit.org/show_bug.cgi?id=85164
Reviewed by Kent Tamura.
* platform/text/mac/LocalizedDateMac.mm:
(WebCore::monthLabels):
2012-04-29 Luke Macpherson <macpherson@chromium.org>
Initialize member variables in CSSParser's constructor.
https://bugs.webkit.org/show_bug.cgi?id=84377
Reviewed by Kentaro Hara.
It is good practice not to leave member variables uninitialized. They make debugging more difficult by reducing
repeatability, and in some cases lead to the possibility of information leakage occuring. This patch simply adds
initialization of m_numParsedPropertiesBeforeMarginBox to CSSParser's constructor to INVALID_NUM_PARSED_PROPERTIES
so that the initial state is the same as the state after the properties are cleared.
No tests added because this is a code style fix, not an actual bug so long as the bison generated code calls
startDeclarationsForMarginBox() and endDeclarationsForMarginBox() symmetrically. The lack of initialization was
originally detected by coverity.
* css/CSSParser.cpp:
(WebCore::CSSParser::CSSParser):
2012-04-29 Kent Tamura <tkent@chromium.org>
[Mac] Add LocalizedDateMac
https://bugs.webkit.org/show_bug.cgi?id=85039
Reviewed by Kentaro Hara.
A date shown <input type=date> should be formatted for user's OS
settings. Chromium-Mac used LocalizedDateICU.cpp to format/parse visible
date strings and it didn't reflect user-settings.
Test: covered by fast/forms/date/date-appearance.html
* WebCore.gyp/WebCore.gyp:
Use LocalizedDateMac.mm for OS X instead of LocalizedDateICU.cpp.
* WebCore.gypi: Add LocalizedDateMac.mm
* platform/text/mac/LocalizedDateMac.mm: Added.
(WebCore::createShortDateFormatter):
Creates a NSDateFormatter with desired settings.
(WebCore::parseLocalizedDate): Impelment for tyep=date.
(WebCore::formatLocalizedDate): ditto.
(WebCore::isYearSymbol): A readability helper for format string parsing.
(WebCore::isMonthSymbol): ditto.
(WebCore::isDaySymbol): ditto.
(WebCore::localizeDateFormat):
Parse a format string, and replace symbols with user-friendly labels.
(WebCore::localizedDateFormatText):
Gets a format string, and apply localizeDateFormat().
(WebCore::monthLabels): Obtain month names from the system.
(WebCore::weekDayShortLabels): Obtain week day symbols from the system.
(WebCore::firstDayOfWeek): Obtain first day of week from the system.
* platform/text/ICULocale.cpp:
(WebCore::createFallbackMonthLabels): Uses WTF::monthFullName.
2012-04-29 Sam Weinig <sam@webkit.org>
Add support for the Blob constructor (Part 2)
https://bugs.webkit.org/show_bug.cgi?id=84555
Address additional feedback on Blob construction.
- Add exception when the dictionary is not an object.
- Ensure the proper ordering of dictionary access. Tested via
throwing exceptions in toString, and ensuring correct one is
fired first.
- Changed type of exception throw for invalid enumeration to a
TypeError.
Reviewed by Kentaro Hara.
Updated fast/files/blob-constructor.html to be more comprehensive.
* bindings/js/JSBlobCustom.cpp:
(WebCore::JSBlobConstructor::constructJSBlob):
* bindings/v8/custom/V8BlobCustom.cpp:
(WebCore::V8Blob::constructorCallback):
2012-04-29 No'am Rosenthal <noam.rosenthal@nokia.com>
[Texmap] Leaves demo: wrong geometry when opacity animation kicks in
https://bugs.webkit.org/show_bug.cgi?id=85096
Reviewed by Kenneth Rohde Christiansen.
We should use combined() instead of combinedForChildren() since we don't allow
intermediate surfaces for preserves-3d. Also, we should apply the offset before
multiplying the transforms, otherwise the transform-origin is incorrect.
Covered by existing compositing tests.
* platform/graphics/texmap/TextureMapperLayer.cpp:
(WebCore::TextureMapperLayer::paintSelf):
(WebCore::TextureMapperLayer::paintRecursive):
2012-04-29 Mark Pilgrim <pilgrim@chromium.org>
[Chromium] Call highUsageDeltaMB directly
https://bugs.webkit.org/show_bug.cgi?id=84844
Reviewed by Kentaro Hara.
Part of a refactoring series. See tracking bug 82948.
* bindings/v8/V8GCController.cpp:
(WebCore::V8GCController::checkMemoryUsage):
* platform/MemoryUsageSupport.cpp:
(WebCore):
(WebCore::MemoryUsageSupport::highUsageDeltaMB):
* platform/MemoryUsageSupport.h:
(MemoryUsageSupport):
* platform/chromium/MemoryUsageSupportChromium.cpp:
(WebCore::MemoryUsageSupport::highUsageDeltaMB):
(WebCore):
* platform/chromium/PlatformSupport.h:
(PlatformSupport):
2012-04-29 Kentaro Hara <haraken@chromium.org>
REGRESSION(r113086): onresize event handler can be deleted in popup window
https://bugs.webkit.org/show_bug.cgi?id=84908
Reviewed by Ojan Vafai.
In a nutshell, an onresize event handler in the popup window
can be non-deterministically deleted. For more details, please
look at Chromium issue 123642:
http://code.google.com/p/chromium/issues/detail?id=123642
I confirmed that this bug is the regression caused by r113086.
r113086 introduced the following code:
void V8LazyEventListener::prepareListenerObject(...) {
if (hasExistingListenerObject())
return;
...;
// Since we only parse once, there's no need to keep data
// used for parsing around anymore.
m_functionName = String();
m_code = String();
m_eventParameterName = String();
m_sourceURL = String();
setListenerObject(wrappedFunction);
}
This is not correct. The parsing can be done more than once,
and thus we cannot clear data. This patch removes the above code.
Consider the following situation:
(1) Assume '<body onresize="f()"></body>'.
(2) prepareListenerObject() runs.
(3) Since this is the first parsing, hasExistingListenerObject()
returns false. After the parsing, the listener object is set
by setListenerObject().
(4) GC runs. Since there is no strong reference to the listener
object, weakEventListenerCallback() is called back, and the listener
object is disposed.
(5) A resize event is triggered.
(6) prepareListenerObject() is called again. Since the listener object
is already disposed, hasExistingListenerObject() returns false,
and the second parsing starts.
In my investigation, the above situation is happening in the reported
Chromium bug. Anyway, I am sure that potentially the parsing can be
done more than once, and thus we must keep m_xxxx data.
However, this is just a temporary fix. We should fix the code so that
an alive event listener object is never reclaimed.
See https://bugs.webkit.org/show_bug.cgi?id=85152 for more details.
No tests: I tried hard to create a DRT test, but could not.
The bug depends on the behavior of GC, and thus the reported bug is
non-deterministic. For example, (as explained in the Chromium issue,)
the bug does not happen if we load an HTML from network because
the network latency hides the bug. Also the bug happens in the
popup window only. If we open the reported HTML in the main window,
we cannot reproduce the bug.
* bindings/v8/V8LazyEventListener.cpp:
(WebCore::V8LazyEventListener::prepareListenerObject):
2012-04-28 Sam Weinig <sam@webkit.org>
Smooth scrolling needs a new key
<rdar://problem/11331632>
Reviewed by Geoffrey Garen.
* platform/mac/ScrollAnimatorMac.mm:
(WebCore::scrollAnimationEnabledForSystem):
(WebCore::ScrollAnimatorMac::scroll):
Update for new key.
2012-04-28 Li Yin <li.yin@intel.com>
MessagePort must set m_closed to be true at the end of MessagePort::close function
https://bugs.webkit.org/show_bug.cgi?id=85139
In the function MessagePort::close, the "m_closed = true" must be executed at the end, not at the beginning.
Or, the m_entangledChannel->close() will not be executed.
And it resulted in the failure of MS bench mark messagechannel_close.htm.
http://samples.msdn.microsoft.com/ietestcenter/WebWorkers/messagechannel_close.htm
Reviewed by Kentaro Hara.
Test: fast/events/message-port-close.html
* dom/MessagePort.cpp:
(WebCore::MessagePort::close):
2012-04-28 Sam Weinig <sam@webkit.org>
And again.
* bindings/v8/custom/V8BlobCustom.cpp:
(WebCore::V8Blob::constructorCallback):
2012-04-28 Sam Weinig <sam@webkit.org>
Once again, try to make these puppies work.
* bindings/v8/custom/V8BlobCustom.cpp:
2012-04-28 Sam Weinig <sam@webkit.org>
Fix the Chromium build.
* bindings/v8/custom/V8BlobCustom.cpp:
(WebCore::V8Blob::constructorCallback):
2012-04-27 Sam Weinig <sam@webkit.org>
Add support for the Blob constructor
https://bugs.webkit.org/show_bug.cgi?id=84555
Reviewed by Maciej Stachowiak.
Test: fast/files/blob-constructor.html
This adds an implementation of the Blob constructor that willfully
violates the W3C Editor’s Draft 29 February 2012 in the following ways:
- Elements in the parts array are coerced to DOMStrings https://www.w3.org/Bugs/Public/show_bug.cgi?id=16721
- Don't throw for invalid key in the dictionary https://www.w3.org/Bugs/Public/show_bug.cgi?id=16727
- Values for the endings property are treated as enums https://www.w3.org/Bugs/Public/show_bug.cgi?id=16729
* bindings/js/JSBlobCustom.cpp:
(WebCore::JSBlobConstructor::constructJSBlob):
Implement blob constructor.
* bindings/v8/custom/V8BlobCustom.cpp:
(WebCore::V8Blob::constructorCallback):
Implement blob constructor.
* fileapi/Blob.idl:
Add constructor to IDL.
* workers/WorkerContext.idl:
Add Blob constructor to the worker global object.
2012-04-28 Igor Oliveira <igor.o@sisa.samsung.com>
Move PropertyWrapper out of the AnimationBase
https://bugs.webkit.org/show_bug.cgi?id=84978
Reviewed by Dean Jackson.
AnimationBase is a complex class. It has a state machine and a bunch of
property handlers. This patch moves the property handlers to a separate
class making AnimationBase simpler.
* CMakeLists.txt:
* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* page/animation/AnimationBase.cpp:
* page/animation/AnimationBase.h:
(AnimationBase):
* page/animation/AnimationController.cpp:
(WebCore::AnimationController::supportsAcceleratedAnimationOfProperty):
* page/animation/CSSPropertyAnimation.cpp: Added.
(WebCore):
(WebCore::blendFunc):
(WebCore::crossfadeBlend):
(AnimationPropertyWrapperBase):
(WebCore::AnimationPropertyWrapperBase::AnimationPropertyWrapperBase):
(WebCore::AnimationPropertyWrapperBase::~AnimationPropertyWrapperBase):
(WebCore::AnimationPropertyWrapperBase::isShorthandWrapper):
(WebCore::AnimationPropertyWrapperBase::property):
(WebCore::AnimationPropertyWrapperBase::animationIsAccelerated):
(WebCore::addPropertyWrapper):
(WebCore::wrapperForProperty):
(PropertyWrapperGetter):
(WebCore::PropertyWrapperGetter::PropertyWrapperGetter):
(WebCore::PropertyWrapperGetter::equals):
(PropertyWrapper):
(WebCore::PropertyWrapper::PropertyWrapper):
(WebCore::PropertyWrapper::blend):
(RefCountedPropertyWrapper):
(WebCore::RefCountedPropertyWrapper::RefCountedPropertyWrapper):
(WebCore::RefCountedPropertyWrapper::blend):
(StyleImagePropertyWrapper):
(WebCore::StyleImagePropertyWrapper::StyleImagePropertyWrapper):
(WebCore::StyleImagePropertyWrapper::equals):
(PropertyWrapperColor):
(WebCore::PropertyWrapperColor::PropertyWrapperColor):
(WebCore::PropertyWrapperColor::blend):
(PropertyWrapperAcceleratedOpacity):
(WebCore::PropertyWrapperAcceleratedOpacity::PropertyWrapperAcceleratedOpacity):
(WebCore::PropertyWrapperAcceleratedOpacity::animationIsAccelerated):
(WebCore::PropertyWrapperAcceleratedOpacity::blend):
(PropertyWrapperAcceleratedTransform):
(WebCore::PropertyWrapperAcceleratedTransform::PropertyWrapperAcceleratedTransform):
(WebCore::PropertyWrapperAcceleratedTransform::animationIsAccelerated):
(WebCore::PropertyWrapperAcceleratedTransform::blend):
(PropertyWrapperAcceleratedFilter):
(WebCore::PropertyWrapperAcceleratedFilter::PropertyWrapperAcceleratedFilter):
(WebCore::PropertyWrapperAcceleratedFilter::animationIsAccelerated):
(WebCore::PropertyWrapperAcceleratedFilter::blend):
(WebCore::shadowListLength):
(WebCore::shadowForBlending):
(PropertyWrapperShadow):
(WebCore::PropertyWrapperShadow::PropertyWrapperShadow):
(WebCore::PropertyWrapperShadow::equals):
(WebCore::PropertyWrapperShadow::blend):
(WebCore::PropertyWrapperShadow::blendSimpleOrMatchedShadowLists):
(WebCore::PropertyWrapperShadow::blendMismatchedShadowLists):
(PropertyWrapperMaybeInvalidColor):
(WebCore::PropertyWrapperMaybeInvalidColor::PropertyWrapperMaybeInvalidColor):
(WebCore::PropertyWrapperMaybeInvalidColor::equals):
(WebCore::PropertyWrapperMaybeInvalidColor::blend):
(PropertyWrapperVisitedAffectedColor):
(WebCore::PropertyWrapperVisitedAffectedColor::PropertyWrapperVisitedAffectedColor):
(WebCore::PropertyWrapperVisitedAffectedColor::equals):
(WebCore::PropertyWrapperVisitedAffectedColor::blend):
(FillLayerAnimationPropertyWrapperBase):
(WebCore::FillLayerAnimationPropertyWrapperBase::FillLayerAnimationPropertyWrapperBase):
(WebCore::FillLayerAnimationPropertyWrapperBase::~FillLayerAnimationPropertyWrapperBase):
(FillLayerPropertyWrapperGetter):
(WebCore::FillLayerPropertyWrapperGetter::FillLayerPropertyWrapperGetter):
(WebCore::FillLayerPropertyWrapperGetter::equals):
(FillLayerPropertyWrapper):
(WebCore::FillLayerPropertyWrapper::FillLayerPropertyWrapper):
(WebCore::FillLayerPropertyWrapper::blend):
(FillLayerRefCountedPropertyWrapper):
(WebCore::FillLayerRefCountedPropertyWrapper::FillLayerRefCountedPropertyWrapper):
(WebCore::FillLayerRefCountedPropertyWrapper::blend):
(FillLayerStyleImagePropertyWrapper):
(WebCore::FillLayerStyleImagePropertyWrapper::FillLayerStyleImagePropertyWrapper):
(WebCore::FillLayerStyleImagePropertyWrapper::equals):
(FillLayersPropertyWrapper):
(WebCore::FillLayersPropertyWrapper::FillLayersPropertyWrapper):
(WebCore::FillLayersPropertyWrapper::equals):
(WebCore::FillLayersPropertyWrapper::blend):
(ShorthandPropertyWrapper):
(WebCore::ShorthandPropertyWrapper::ShorthandPropertyWrapper):
(WebCore::ShorthandPropertyWrapper::isShorthandWrapper):
(WebCore::ShorthandPropertyWrapper::equals):
(WebCore::ShorthandPropertyWrapper::blend):
(WebCore::ShorthandPropertyWrapper::propertyWrappers):
(PropertyWrapperFlex):
(WebCore::PropertyWrapperFlex::PropertyWrapperFlex):
(WebCore::PropertyWrapperFlex::equals):
(WebCore::PropertyWrapperFlex::blend):
(PropertyWrapperSVGPaint):
(WebCore::PropertyWrapperSVGPaint::PropertyWrapperSVGPaint):
(WebCore::PropertyWrapperSVGPaint::equals):
(WebCore::PropertyWrapperSVGPaint::blend):
(WebCore::addShorthandProperties):
(WebCore::CSSPropertyAnimation::ensurePropertyMap):
(WebCore::gatherEnclosingShorthandProperties):
(WebCore::CSSPropertyAnimation::blendProperties):
(WebCore::CSSPropertyAnimation::animationOfPropertyIsAccelerated):
(WebCore::CSSPropertyAnimation::animatableShorthandsAffectingProperty):
(WebCore::CSSPropertyAnimation::propertiesEqual):
(WebCore::CSSPropertyAnimation::getPropertyAtIndex):
(WebCore::CSSPropertyAnimation::getNumProperties):
* page/animation/CSSPropertyAnimation.h: Added.
(WebCore):
(CSSPropertyAnimation):
* page/animation/CompositeAnimation.cpp:
(WebCore::CompositeAnimation::updateTransitions):
(WebCore::CompositeAnimation::pauseTransitionAtTime):
* page/animation/ImplicitAnimation.cpp:
(WebCore::ImplicitAnimation::animate):
(WebCore::ImplicitAnimation::getAnimatedStyle):
(WebCore::ImplicitAnimation::isTargetPropertyEqual):
(WebCore::ImplicitAnimation::blendPropertyValueInStyle):
(WebCore::ImplicitAnimation::timeToNextService):
* page/animation/KeyframeAnimation.cpp:
(WebCore::KeyframeAnimation::animate):
(WebCore::KeyframeAnimation::getAnimatedStyle):
(WebCore::KeyframeAnimation::timeToNextService):
* rendering/style/RenderStyle.h:
2012-04-28 Geoffrey Garen <ggaren@apple.com>
Clarified JSGlobalData (JavaScript VM) lifetime
https://bugs.webkit.org/show_bug.cgi?id=85142
Reviewed by Anders Carlsson.
* bindings/js/WorkerScriptController.cpp:
(WebCore::WorkerScriptController::~WorkerScriptController): Slightly
simpler than before. We can't just rely on our default destructor
because we need to hold the JSLock when we tear down the VM.
* bridge/NP_jsobject.cpp:
(_NPN_InvokeDefault):
(_NPN_Invoke):
(_NPN_Evaluate):
(_NPN_Construct): Don't RefPtr<> the JSGlobalData because it makes it
seem like you know something the rest of our code doesn't know. The
plugin JSGlobalData is immortal, anyway.
I also removed some timeout checker related code because that feature
doesn't work anymore, so it was effectively dead code.
2012-04-28 Ilya Tikhonovsky <loislo@chromium.org>
Web Inspector: InspectorFrontendHost.append has to be implemented for saving heap snapshots.
https://bugs.webkit.org/show_bug.cgi?id=85137
We can save a file with help of InspectorFrontendHost.save method,
but it is suitable only for relatively small portions of data and
can't process the 6Gb heap snapshot.
These methods just pass the url and content into embedder.
Reviewed by Yury Semikhatsky.
* inspector/InspectorFrontendClient.h:
(InspectorFrontendClient):
* inspector/InspectorFrontendClientLocal.h:
(WebCore::InspectorFrontendClientLocal::append):
* inspector/InspectorFrontendHost.cpp:
(WebCore::InspectorFrontendHost::append):
(WebCore):
* inspector/InspectorFrontendHost.h:
(InspectorFrontendHost):
* inspector/InspectorFrontendHost.idl:
2012-04-28 No'am Rosenthal <noam.rosenthal@nokia.com>
[Qt][Texmap] Error of cross-compiling webkit with Qt 4.8.1
https://bugs.webkit.org/show_bug.cgi?id=84321
Speculative build-fix for Qt 4.8.
Use QGLContext for Qt 4.x instead of the platform-specific context.
Reviewed by Simon Hausmann.
No new tests, build fix.
* platform/graphics/texmap/TextureMapperGL.cpp:
(SharedGLData):
(WebCore::TextureMapperGLData::SharedGLData::getCurrentGLContext):
2012-04-28 No'am Rosenthal <noam.rosenthal@nokia.com>
[Texmap] Falling leaves demo missing opacity fade out animation
https://bugs.webkit.org/show_bug.cgi?id=83691
Reviewed by Martin Robinson.
The bug originated from clearing an intermediate surface with glClear while the scissor
state was wrong.
When using intermediate surfaces, maintain a clip-stack for each surface, rather than
a single clip-stack for the whole scene. When a surface is bound, its clip stack should
be applied.
Covered by existing compositing tests.
* platform/graphics/texmap/TextureMapperGL.cpp:
(SharedGLData):
(WebCore::TextureMapperGL::ClipStack::push):
(WebCore):
(WebCore::TextureMapperGL::ClipStack::pop):
(WebCore::scissorClip):
(WebCore::TextureMapperGL::ClipStack::apply):
(WebCore::TextureMapperGL::clipStack):
(WebCore::TextureMapperGL::beginPainting):
(WebCore::TextureMapperGL::drawTexture):
(WebCore::BitmapTextureGL::didReset):
(WebCore::BitmapTextureGL::clearIfNeeded):
(WebCore::BitmapTextureGL::createFboIfNeeded):
(WebCore::BitmapTextureGL::bind):
(WebCore::TextureMapperGL::bindDefaultSurface):
(WebCore::TextureMapperGL::bindSurface):
(WebCore::TextureMapperGL::beginScissorClip):
(WebCore::TextureMapperGL::beginClip):
(WebCore::TextureMapperGL::endClip):
* platform/graphics/texmap/TextureMapperGL.h:
(TextureMapperGL):
(ClipState):
(WebCore::TextureMapperGL::ClipState::ClipState):
(ClipStack):
(WebCore::TextureMapperGL::ClipStack::current):
(WebCore::TextureMapperGL::ClipStack::clear):
(BitmapTextureGL):
(WebCore::BitmapTextureGL::BitmapTextureGL):
2012-04-26 Emil A Eklund <eae@chromium.org> and Levi Weintraub <leviw@chromium.org>
Move Length and CSS length computation to float
https://bugs.webkit.org/show_bug.cgi?id=84801
Reviewed by Eric Seidel.
Change Length and CSS length computation to floating point. This gets us
closer to the goal of supporting subpixel layout and improves precision
for SVG which already uses floating point for its layout.
This change makes computedStyle return fractional values for pixel values
if a fraction is specified. It also changes the result of computations
where two or more values with fractional precision. Prior to this change
the result of Length(2.9) + Length(2.9) would be 4 as each value would be
floored. With this change the result is 5 as the addition is done with
floating point precision and then the result will be floored. Once we
enable subpixel layout the resulting value in this example would be 5.8.
Updated existing layout tests.
* css/CSSComputedStyleDeclaration.cpp:
(WebCore::zoomAdjustedPixelValue):
* css/CSSPrimitiveValue.cpp:
(WebCore::CSSPrimitiveValue::computeLength):
* css/CSSPrimitiveValue.h:
(WebCore):
(WebCore::roundForImpreciseConversion):
Add specialized float version of roundForImpreciseConversion that matches
the int versions rounding logic.
If a value is sufficiently close to the next integer round it up to
ensure that a style rule such as "width: 4.999px" evaluates to 5px
instead of 4px. This is needed as, although Lengths are using floating
point, the layout system still uses integer precision and floors the
Length values.
This will change once we move to FractionalLayoutUnits but for now this
is needed to ensure compatibility with the existing system and tests.
Without this specialized rounding logic we fail a handful of tests
including acid3.
* platform/Length.h:
(WebCore::Length::value):
(Length):
(WebCore::Length::intValue):
* rendering/RenderTableCell.cpp:
(WebCore::RenderTableCell::styleOrColLogicalWidth):
2012-04-28 Alexander Pavlov <apavlov@chromium.org>
Web Inspector: Enable touch events feature fails touch feature detection
https://bugs.webkit.org/show_bug.cgi?id=84397
Whenever the touch emulation is enabled, Inspector adds a script to evaluate on load,
that adds ontouch(start|end|move|cancel) properties to window.__proto__ and document.__proto__.
Reviewed by Pavel Feldman.
* inspector/front-end/DOMAgent.js:
(WebInspector.DOMAgent.prototype._emulateTouchEventsChanged.get if):
(WebInspector.DOMAgent.prototype._emulateTouchEventsChanged.scriptAddedCallback):
(WebInspector.DOMAgent.prototype._emulateTouchEventsChanged):
* inspector/front-end/inspector.js:
2012-04-28 Eugene Klyuchnikov <eustas.bug@gmail.com>
Web Inspector: Shortcuts screen UI polish
https://bugs.webkit.org/show_bug.cgi?id=84708
1) remove inconsistent shadow;
2) reduce border radius;
3) vertically center the “X” button;
4) replace unreadable symbolic shortcuts with text;
5) gaps / colors / opacity adjustments;
6) section-to-column distribution algorithm is replaced with a fair one.
Reviewed by Pavel Feldman.
This is a UI polising patch, so no new tests added.
* English.lproj/localizedStrings.js: added keyboars arrow keys items
* inspector/front-end/KeyboardShortcut.js: replace unreadable symbolic shortcuts with text
* inspector/front-end/ShortcutsScreen.js:
(WebInspector.ShortcutsScreen):
(WebInspector.ShortcutsScreen.prototype.show): remove redundant parameter
(WebInspector.ShortcutsScreen.prototype._buildTable): change section distributing algorithm
(WebInspector.ShortcutsSection.prototype.renderSection): render colon with margins
(WebInspector.ShortcutsSection.prototype._renderHeader): apply classname to th elements
* inspector/front-end/helpScreen.css:
(.help-window-main): reduce radius, remove shadow; tune color and opacity
(.help-window-caption): fix spacing; add ruler
(.help-window-title): fix spacing; remove ruler
(.help-content): fix spacing
(.help-close-button): fix spacing; adjust background color
(.help-column-table): fix spacing
(.help-table > tr > th): fix color
(.help-key): fix color
(.help-combine-keys, .help-key-delimiter): extract common style
(.help-combine-keys): remove dupe
(.help-section-title): add space between sections
2012-04-28 Noel Gordon <noel.gordon@gmail.com>
Remove PlatformTouchPointQt.cpp PlatformTouchEventQt.cpp from the gyp projects
https://bugs.webkit.org/show_bug.cgi?id=85132
Unreviewed VS2010 gyp project generation fix.
PlatformTouchPointQt.cpp and PlatformTouchEventQt.cpp were removed in r115312,
so remove them from the gyp projects.
* WebCore.gypi:
2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com>
<animateTransform type="scale"> should use '0' as effective from value not '1', if no base value is specified and from is not given
https://bugs.webkit.org/show_bug.cgi?id=85133
It should start from scale=0. I had that fixed before, but it got lost during merging. Restore the fix.
See bug 85051, for more context why this is correct.
Tests: svg/animations/animateTransform-by-scale-1-expected.svg
svg/animations/animateTransform-by-scale-1.svg
* svg/SVGAnimatedTransformList.cpp:
(WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue):
2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com>
SVGAnimateColorElement doesn't support by/to animations properly
https://bugs.webkit.org/show_bug.cgi?id=36704
Reviewed by Antti Koivisto.
Switch AnimatedColorAnimator to use the standard animateAdditiveNumber() method, taking progress & repeatCount into account.
This gives us accumulation/repeatCount support for free.
We just animate the four color components on their own now and clamp once at the end after addition/accumulation finished.
Import <animateColor> tests from Dr. Olaf Hoffmanns SVG Animation test suite, which all pass now.
While I was at it, remove the includeSMILProperties boolean from computeCSSPropertyValue - we always use the computed style
without SMIL effects included, whenever we want to retrieve the "base value", or handle "inherit/currentColor".
Tests: svg/animations/animateColor-additive-2a-expected.svg
svg/animations/animateColor-additive-2a.svg
svg/animations/animateColor-additive-2b-expected.svg
svg/animations/animateColor-additive-2b.svg
svg/animations/animateColor-additive-2c-expected.svg
svg/animations/animateColor-additive-2c.svg
svg/animations/animateColor-additive-2d-expected.svg
svg/animations/animateColor-additive-2d.svg
* svg/ColorDistance.cpp:
(WebCore::ColorDistance::clampColor):
(WebCore::ColorDistance::addColors):
(WebCore::ColorDistance::addToColor):
* svg/ColorDistance.h:
(ColorDistance):
* svg/SVGAnimateElement.cpp:
(WebCore::SVGAnimateElement::resetToBaseValue):
* svg/SVGAnimatedColor.cpp:
(WebCore::SVGAnimatedColorAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue):
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::computeCSSPropertyValue):
(WebCore::SVGAnimationElement::adjustForInheritance):
* svg/SVGAnimationElement.h:
(SVGAnimationElement):
2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com>
Not reviewed. Fix Qt build -- I was too quick.
* rendering/svg/SVGPathData.cpp: Add back Path.h include.
2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com>
Rename SVGPathParserFactory to SVGPathUtilities and remove the obsolete singleton
https://bugs.webkit.org/show_bug.cgi?id=85129
SVGPathParserFactory implements the singleton pattern, but stores no members.
Remove the singleton and move all functions to free-functions into SVGPathUtilities.h.
Makes the code easier to read - doesn't affect any tests.
* CMakeLists.txt:
* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* rendering/svg/SVGPathData.cpp:
(WebCore::updatePathFromPathElement):
* rendering/svg/SVGRenderTreeAsText.cpp:
(WebCore::operator<<):
* svg/SVGAllInOne.cpp:
* svg/SVGAnimateMotionElement.cpp:
(WebCore::SVGAnimateMotionElement::parseAttribute):
* svg/SVGAnimatedPath.cpp:
(WebCore::SVGAnimatedPathAnimator::constructFromString):
(WebCore::SVGAnimatedPathAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedPathAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedPathAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue):
* svg/SVGAnimatedType.cpp:
* svg/SVGGlyphElement.cpp:
(WebCore::SVGGlyphElement::buildGenericGlyphIdentifier):
* svg/SVGPathBlender.cpp: Fix typo s/;;/;/
* svg/SVGPathElement.cpp:
(WebCore::SVGPathElement::getTotalLength):
(WebCore::SVGPathElement::getPointAtLength):
(WebCore::SVGPathElement::getPathSegAtLength):
(WebCore::SVGPathElement::parseAttribute):
(WebCore::SVGPathElement::svgAttributeChanged):
(WebCore::SVGPathElement::lookupOrCreateDWrapper):
(WebCore::SVGPathElement::pathSegListChanged):
* svg/SVGPathParserFactory.h: Removed.
* svg/SVGPathSegList.cpp:
(WebCore::SVGPathSegList::valueAsString):
* svg/SVGPathUtilities.cpp: Renamed from Source/WebCore/svg/SVGPathParserFactory.cpp.
(WebCore):
(WebCore::globalSVGPathBuilder):
(WebCore::globalSVGPathSegListBuilder):
(WebCore::globalSVGPathByteStreamBuilder):
(WebCore::globalSVGPathStringBuilder):
(WebCore::globalSVGPathTraversalStateBuilder):
(WebCore::globalSVGPathParser):
(WebCore::globalSVGPathBlender):
(WebCore::buildPathFromString):
(WebCore::buildSVGPathByteStreamFromSVGPathSegList):
(WebCore::buildPathFromByteStream):
(WebCore::buildSVGPathSegListFromByteStream):
(WebCore::buildStringFromByteStream):
(WebCore::buildStringFromSVGPathSegList):
(WebCore::buildSVGPathByteStreamFromString):
(WebCore::buildAnimatedSVGPathByteStream):
(WebCore::addToSVGPathByteStream):
(WebCore::getSVGPathSegAtLengthFromSVGPathByteStream):
(WebCore::getTotalLengthOfSVGPathByteStream):
(WebCore::getPointAtLengthOfSVGPathByteStream):
* svg/SVGPathUtilities.h: Added.
(WebCore):
* svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
(WebCore::SVGAnimatedPathSegListPropertyTearOff::animValDidChange):
2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com>
Fix repetitions & by animation support for path animations
https://bugs.webkit.org/show_bug.cgi?id=85071
Rubber-stamped by Antti Koivisto.
Cleanup SVGPathBlender, to make it more readable.
* svg/SVGPathBlender.cpp:
(WebCore::SVGPathBlender::blendLineToHorizontalSegment):
(WebCore::SVGPathBlender::blendLineToVerticalSegment):
(WebCore::SVGPathBlender::blendArcToSegment):
(WebCore::SVGPathBlender::blendAnimatedPath):
2012-04-28 Yury Semikhatsky <yurys@chromium.org>
Unreviewed. Qt build fix: added new exported symbols.
* WebCore.exp.in:
2012-04-28 Yury Semikhatsky <yurys@chromium.org>
Unreviewed. Fix Qt minimal build after r115553.
* inspector/InspectorConsoleAgent.h:
2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com>
Fix repetitions & by animation support for path animations
https://bugs.webkit.org/show_bug.cgi?id=85071
Reviewed by Antti Koivisto.
Implement additive="sum" / by-animation support for path animations, eg.
<path d="M 10 10 L 10 100 Z">
<animate attributeName="d" begin="0s" dur="4s" by="M 0 0 L 90 0 Z"/>
<path>
animates the d attribute to "M 10 10 L 100 100 0 Z".
Now only <animateColor> and <animateMotion> are left to be fixed, all other types are working as expected now in all additive/accumulate/from-by/by/from-to animations.
Tests: svg/animations/path-animation-expected.svg
svg/animations/repeating-path-animation-expected.svg
svg/animations/repeating-path-animation.svg
* svg/SVGAnimatedPath.cpp:
(WebCore::SVGAnimatedPathAnimator::addAnimatedTypes): Implemented, to support by-animations, instead of falling back to to-animations.
(WebCore::SVGAnimatedPathAnimator::calculateAnimatedValue): Handle repetitions, accumulation & addition.
* svg/SVGPathBlender.cpp: Allow empty from source everywhere, use default values if no from value is specified, needed for by-animations.
(WebCore::SVGPathBlender::SVGPathBlender):
(WebCore::SVGPathBlender::blendAnimatedDimensonalFloat):
(WebCore::SVGPathBlender::blendAnimatedFloatPoint):
(WebCore::SVGPathBlender::blendMoveToSegment):
(WebCore::SVGPathBlender::blendLineToSegment):
(WebCore::SVGPathBlender::blendLineToHorizontalSegment):
(WebCore::SVGPathBlender::blendLineToVerticalSegment):
(WebCore::SVGPathBlender::blendCurveToCubicSegment):
(WebCore::SVGPathBlender::blendCurveToCubicSmoothSegment):
(WebCore::SVGPathBlender::blendCurveToQuadraticSegment):
(WebCore::SVGPathBlender::blendCurveToQuadraticSmoothSegment):
(WebCore::SVGPathBlender::blendArcToSegment):
(WebCore::SVGPathBlender::addAnimatedPath):
(WebCore::SVGPathBlender::blendAnimatedPath):
* svg/SVGPathBlender.h: Add new addAnimatedPath function.
(SVGPathBlender):
* svg/SVGPathByteStream.h:
(SVGPathByteStream): Make SVGPathByteStreams copyable, needed for SVGAnimatedPathAnimator.
(WebCore::SVGPathByteStream::size): Returns size of the SVGPathByteStream.
* svg/SVGPathParserFactory.cpp:
(WebCore::SVGPathParserFactory::buildAnimatedSVGPathByteStream): Allow empty from streams, needed for by animations.
(WebCore::SVGPathParserFactory::addToSVGPathByteStream): Add 'byStream' 'repeatCount' times to 'toStream'. Both streams must match in size.
* svg/SVGPathParserFactory.h: Add new addToSVGPathByteStream function.
* svg/SVGPointList.cpp: Remove dead code.
* svg/SVGPointList.h: Ditto.
(SVGPointList):
2012-04-28 Nikolas Zimmermann <nzimmermann@rim.com>
SVGAnimateMotion does not handle accumulation
https://bugs.webkit.org/show_bug.cgi?id=18564
Reviewed by Antti Koivisto.
Implement accumulation for <animateMotion>. Add lots of new
reftests, verifying additive/accumulate behavior is correct.
Tests: svg/animations/animateMotion-additive-1-expected.svg
svg/animations/animateMotion-additive-1.svg
svg/animations/animateMotion-additive-2a-expected.svg
svg/animations/animateMotion-additive-2a.svg
svg/animations/animateMotion-additive-2b-expected.svg
svg/animations/animateMotion-additive-2b.svg
svg/animations/animateMotion-additive-2c-expected.svg
svg/animations/animateMotion-additive-2c.svg
svg/animations/animateMotion-additive-2d-expected.svg
svg/animations/animateMotion-additive-2d.svg
svg/animations/mozilla/animateMotion-by-1-expected.svg
svg/animations/mozilla/animateMotion-by-1.svg
svg/animations/mozilla/animateMotion-from-to-1-expected.svg
svg/animations/mozilla/animateMotion-from-to-1.svg
svg/animations/mozilla/animateMotion-indefinite-to-1-expected.svg
svg/animations/mozilla/animateMotion-indefinite-to-1.svg
svg/animations/mozilla/animateMotion-indefinite-to-2-expected.svg
svg/animations/mozilla/animateMotion-indefinite-to-2.svg
svg/animations/mozilla/animateMotion-mpath-pathLength-1-expected.svg
svg/animations/mozilla/animateMotion-mpath-pathLength-1.svg
svg/animations/mozilla/animateMotion-mpath-targetChange-1-expected.svg
svg/animations/mozilla/animateMotion-mpath-targetChange-1.svg
svg/animations/mozilla/animateMotion-to-overridden-1-expected.svg
svg/animations/mozilla/animateMotion-to-overridden-1.svg
* svg/SVGAnimateMotionElement.cpp:
(WebCore::SVGAnimateMotionElement::SVGAnimateMotionElement):
(WebCore::SVGAnimateMotionElement::buildTransformForProgress):
(WebCore::SVGAnimateMotionElement::calculateAnimatedValue):
* svg/SVGAnimateMotionElement.h:
2012-04-27 Yury Semikhatsky <yurys@chromium.org>
ScriptStateProtectedPtr should not keep a strong reference to the context
https://bugs.webkit.org/show_bug.cgi?id=85009
Delete console message arguments when DOMWindow where the messages were created
is reset on its frame.
Reviewed by Pavel Feldman.
Test: http/tests/inspector-enabled/console-clear-arguments-on-frame-navigation.html
* inspector/ConsoleMessage.cpp:
(WebCore::ConsoleMessage::addToFrontend):
(WebCore::ConsoleMessage::windowCleared):
(WebCore::ConsoleMessage::argumentCount):
(WebCore):
* inspector/ConsoleMessage.h:
(ConsoleMessage):
* inspector/InspectorConsoleAgent.cpp:
(WebCore::InspectorConsoleAgent::consoleMessageArgumentCounts):
(WebCore):
* inspector/InspectorConsoleAgent.h:
(InspectorConsoleAgent):
* page/Frame.cpp:
(WebCore::Frame::clearDOMWindow):
(WebCore::Frame::setDOMWindow):
* testing/Internals.cpp:
(WebCore):
(WebCore::Internals::consoleMessageArgumentCounts):
* testing/Internals.h:
(Internals):
* testing/Internals.idl:
2012-04-27 Jochen Eisinger <jochen@chromium.org>
Ensure that there's always a provisional document loader if the frame loader is in provisional state
https://bugs.webkit.org/show_bug.cgi?id=83894
Reviewed by Nate Chapin.
We're still seeing crashes in the FrameLoader where the FrameLoader's
state is "provisional" but there is no provisional document loader. I
added code to update the FrameLoader's state everytime the provisional
document loader is cleared, and added checks that the FrameLoader's
state can't be set to provisional without a provisional loader.
If the crashes go away, or the newly added checks reveal the culprit,
we should relex the checks to use ASSERT() instead of CRASH().
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::init):
(WebCore::FrameLoader::setupForReplace):
(WebCore::FrameLoader::stopAllLoaders):
(WebCore::FrameLoader::clearProvisionalLoad):
(WebCore::FrameLoader::continueFragmentScrollAfterNavigationPolicy):
(WebCore::FrameLoader::continueLoadAfterNavigationPolicy):
2012-04-27 Geoffrey Garen <ggaren@apple.com>
Try to fix the Qt build.
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::QtRuntimeMethod::finishCreation):
2012-04-27 Geoffrey Garen <ggaren@apple.com>
Made WeakSet::allocate() static and removed its JSGlobalData argument
https://bugs.webkit.org/show_bug.cgi?id=85128
Reviewed by Anders Carlsson.
Mechanically removed JSGlobalData arguments from PassWeak<T> and Weak<T> allocation.
* bindings/js/JSDOMBinding.cpp:
(WebCore::jsStringSlowCase):
* bindings/js/JSEventListener.h:
(WebCore::JSEventListener::setWrapper):
* bindings/js/JSNodeFilterCondition.cpp:
(WebCore::JSNodeFilterCondition::JSNodeFilterCondition):
* bindings/js/ScriptWrappable.h:
(WebCore::ScriptWrappable::setWrapper):
* bridge/jsc/BridgeJSC.cpp:
(JSC::Bindings::Instance::createRuntimeObject):
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::QtRuntimeMethod::finishCreation):
* bridge/runtime_root.cpp:
(JSC::Bindings::RootObject::addRuntimeObject):
2012-04-27 Mark Rowe <mrowe@apple.com>
<rdar://problem/11313710> Leaks under WebCore::CSSImageSetValue::cachedImageSet when running tests
There was a reference cycle between CSSImageSetValue and StyleCachedImageSet via
CSSImageSetValue::m_imageSet / StyleCachedImageSet::m_imageSetValue. Break the cycle
by having StyleCachedImageSet hold a weak reference to the CSSImageSetValue rather
than a strong reference.
Reviewed by Geoff Garen.
* rendering/style/StyleCachedImageSet.cpp:
(WebCore::StyleCachedImageSet::StyleCachedImageSet):
* rendering/style/StyleCachedImageSet.h:
(StyleCachedImageSet):
2012-04-27 Mark Rowe <mrowe@apple.com>
<rdar://problem/10346980> REGRESSION: Cannot enter text in Dashboard widget fields that have placeholder attribute
Remove a dashboard backwards compatibility quirk that was in place to support an old version
of the Stocks widget. It prevented the pointer-events property from being applied in Dashboard
widgets, which caused -webkit-input-placeholder elements to eat mouse clicks rather than giving
focus to the containing input elements. The offending widget has long since been fixed.
Reviewed by Dan Bernstein.
* css/StyleResolver.cpp:
(WebCore::StyleResolver::collectMatchingRulesForList):
2012-04-27 Dean Jackson <dino@apple.com>
Support reverse and alternate-reverse in CA animations
https://bugs.webkit.org/show_bug.cgi?id=78041
Reviewed by Beth Dakin.
CoreAnimation does not natively support reverse and alternate-reverse
animation directions so we need to flip the animation values (keyframe
keys and timing functions) that we send to GraphicsLayerCA. Unfortunately
this code adds a lot of conditionals because it isn't as simple as
reversing the order of keys. You also now have a different alignment of
timing functions to the reversed list.
New tests to cover the two new directions, making sure the timing
functions are correctly inverted, and exercising fill modes.
Tests: animations/animation-direction-reverse-fill-mode-hardware.html
animations/animation-direction-reverse-fill-mode.html
animations/animation-direction-reverse-hardware-opacity.html
animations/animation-direction-reverse-hardware.html
animations/animation-direction-reverse-non-hardware.html
animations/animation-direction-reverse-timing-functions-hardware.html
animations/animation-direction-reverse-timing-functions.html
* platform/graphics/ca/GraphicsLayerCA.cpp:
Handle the previously unsupported animation directions, reversing
the list of values and keytimes that would be used to create
the CA Animation.
(WebCore::GraphicsLayerCA::addAnimation):
Do not create an animation if on Windows and using a reverse
direction.
(WebCore::GraphicsLayerCA::createFilterAnimationsFromKeyframes):
(WebCore::GraphicsLayerCA::setupAnimation):
(WebCore::GraphicsLayerCA::setAnimationEndpoints):
(WebCore::GraphicsLayerCA::setAnimationKeyframes):
(WebCore::GraphicsLayerCA::setTransformAnimationEndpoints):
(WebCore::GraphicsLayerCA::setTransformAnimationKeyframes):
(WebCore::GraphicsLayerCA::setFilterAnimationEndpoints):
(WebCore::GraphicsLayerCA::setFilterAnimationKeyframes):
* platform/graphics/ca/PlatformCAAnimation.h:
(PlatformCAAnimation): Pass through a flag that tells the CA Animation
that it should invert the timing functions.
* platform/graphics/ca/mac/PlatformCAAnimationMac.mm:
(toCAMediaTimingFunction): Add a parameter that will invert the timing
function coefficients if necessary.
(PlatformCAAnimation::setTimingFunction):
(PlatformCAAnimation::setTimingFunctions):
* platform/graphics/ca/win/PlatformCAAnimationWin.cpp:
(toCACFTimingFunction):
New unused parameter.
2012-04-27 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r115407.
http://trac.webkit.org/changeset/115407https://bugs.webkit.org/show_bug.cgi?id=85126
Caused heap use after free (Requested by keishi_ on #webkit).
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::HTMLFormControlElement):
(WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor):
(WebCore::HTMLFormControlElement::insertedInto):
(WebCore::HTMLFormControlElement::removedFrom):
(WebCore::HTMLFormControlElement::disabled):
(WebCore::HTMLFormControlElement::recalcWillValidate):
(WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
2012-04-27 Kentaro Hara <haraken@chromium.org>
[JSC] Implement a helper method createNotEnoughArgumentsError()
https://bugs.webkit.org/show_bug.cgi?id=85102
Reviewed by Geoffrey Garen.
In bug 84787, kbr@ requested to avoid hard-coding
createTypeError(exec, "Not enough arguments") here and there.
This patch implements createNotEnoughArgumentsError(exec)
and uses it in JSC bindings.
c.f. a corresponding bug for V8 bindings is bug 85097.
Test: bindings/scripts/test/TestObj.idl
* bindings/scripts/CodeGeneratorJS.pm: Modified as described above.
(GenerateArgumentsCountCheck):
* bindings/js/JSDataViewCustom.cpp: Ditto.
(WebCore::getDataViewMember):
(WebCore::setDataViewMember):
* bindings/js/JSDeprecatedPeerConnectionCustom.cpp:
(WebCore::JSDeprecatedPeerConnectionConstructor::constructJSDeprecatedPeerConnection):
* bindings/js/JSDirectoryEntryCustom.cpp:
(WebCore::JSDirectoryEntry::getFile):
(WebCore::JSDirectoryEntry::getDirectory):
* bindings/js/JSSharedWorkerCustom.cpp:
(WebCore::JSSharedWorkerConstructor::constructJSSharedWorker):
* bindings/js/JSWebKitMutationObserverCustom.cpp:
(WebCore::JSWebKitMutationObserverConstructor::constructJSWebKitMutationObserver):
(WebCore::JSWebKitMutationObserver::observe):
* bindings/js/JSWorkerCustom.cpp:
(WebCore::JSWorkerConstructor::constructJSWorker):
* bindings/scripts/test/JS/JSFloat64Array.cpp: Updated run-bindings-tests.
(WebCore::jsFloat64ArrayPrototypeFunctionFoo):
* bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
(WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):
(WebCore::jsTestActiveDOMObjectPrototypeFunctionPostMessage):
* bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
(WebCore::jsTestCustomNamedGetterPrototypeFunctionAnotherFunction):
* bindings/scripts/test/JS/JSTestEventTarget.cpp:
(WebCore::jsTestEventTargetPrototypeFunctionItem):
(WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
(WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
(WebCore::jsTestEventTargetPrototypeFunctionDispatchEvent):
* bindings/scripts/test/JS/JSTestInterface.cpp:
(WebCore::JSTestInterfaceConstructor::constructJSTestInterface):
(WebCore::jsTestInterfacePrototypeFunctionSupplementalMethod2):
* bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
(WebCore::jsTestMediaQueryListListenerPrototypeFunctionMethod):
* bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
(WebCore::JSTestNamedConstructorNamedConstructor::constructJSTestNamedConstructor):
* bindings/scripts/test/JS/JSTestObj.cpp:
(WebCore::JSTestObjConstructor::constructJSTestObj):
(WebCore::jsTestObjPrototypeFunctionVoidMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionIntMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionObjMethodWithArgs):
(WebCore::jsTestObjPrototypeFunctionMethodWithSequenceArg):
(WebCore::jsTestObjPrototypeFunctionMethodReturningSequence):
(WebCore::jsTestObjPrototypeFunctionMethodThatRequiresAllArgsAndThrows):
(WebCore::jsTestObjPrototypeFunctionSerializedValue):
(WebCore::jsTestObjPrototypeFunctionIdbKey):
(WebCore::jsTestObjPrototypeFunctionOptionsObject):
(WebCore::jsTestObjPrototypeFunctionAddEventListener):
(WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndOptionalArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonOptionalArgAndTwoOptionalArgs):
(WebCore::jsTestObjPrototypeFunctionMethodWithCallbackArg):
(WebCore::jsTestObjPrototypeFunctionMethodWithNonCallbackArgAndCallbackArg):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod1):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod2):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod3):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod4):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod5):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod6):
(WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
(WebCore::jsTestObjConstructorFunctionClassMethod2):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod11):
(WebCore::jsTestObjConstructorFunctionOverloadedMethod12):
(WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongArray):
(WebCore::jsTestObjPrototypeFunctionConvert1):
(WebCore::jsTestObjPrototypeFunctionConvert2):
(WebCore::jsTestObjPrototypeFunctionConvert3):
(WebCore::jsTestObjPrototypeFunctionConvert4):
(WebCore::jsTestObjPrototypeFunctionConvert5):
(WebCore::jsTestObjPrototypeFunctionStrictFunction):
* bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
(WebCore::JSTestSerializedScriptValueInterfaceConstructor::constructJSTestSerializedScriptValueInterface):
(WebCore::jsTestSerializedScriptValueInterfacePrototypeFunctionAcceptTransferList):
2012-04-27 Mark Pilgrim <pilgrim@chromium.org>
[Chromium] Call highMemoryUsageMB directly
https://bugs.webkit.org/show_bug.cgi?id=84841
Reviewed by Kentaro Hara.
Part of a refactoring series. See tracking bug 82948.
* bindings/v8/V8GCController.cpp:
(WebCore::V8GCController::checkMemoryUsage):
* platform/MemoryUsageSupport.cpp:
(WebCore::MemoryUsageSupport::highMemoryUsageMB):
(WebCore):
* platform/MemoryUsageSupport.h:
(MemoryUsageSupport):
* platform/chromium/MemoryUsageSupportChromium.cpp:
(WebCore::MemoryUsageSupport::highMemoryUsageMB):
(WebCore):
* platform/chromium/PlatformSupport.h:
(PlatformSupport):
2012-04-27 Geoffrey Garen <ggaren@apple.com>
Only allow non-null pointers in the WeakSet
https://bugs.webkit.org/show_bug.cgi?id=85119
Reviewed by Darin Adler.
* bridge/jsc/BridgeJSC.cpp:
(JSC::Bindings::Instance::Instance): Don't allocate a WeakImpl just to
store null. This was needless, and is now a compile error. Instead,
rely on the default constructor, which will produce a cheap null.
2012-04-27 Kentaro Hara <haraken@chromium.org>
"Not enough arguments" error should be TypeError
https://bugs.webkit.org/show_bug.cgi?id=84628
Reviewed by Darin Adler.
Currently, some custom bindings implement "Not enough arguments"
error as SyntaxError. The Web IDL spec requires that it should be
TypeError: http://www.w3.org/TR/WebIDL/#dfn-overload-resolution-algorithm
Thus, this patch changes SyntaxError to TypeError.
Tests: http/tests/websocket/tests/hixie76/url-parsing.html:
http/tests/websocket/tests/hybi/url-parsing.html:
http/tests/xmlhttprequest/exceptions.html:
svg/dom/SVGLength.html:
webaudio/audionode.html:
* bindings/js/JSAudioContextCustom.cpp:
(WebCore::JSAudioContextConstructor::constructJSAudioContext):
* bindings/js/JSSVGLengthCustom.cpp:
(WebCore::JSSVGLength::convertToSpecifiedUnits):
* bindings/js/JSWebSocketCustom.cpp:
(WebCore::JSWebSocketConstructor::constructJSWebSocket):
(WebCore::JSWebSocket::send):
* bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::open):
* bindings/v8/custom/V8AudioContextCustom.cpp:
(WebCore::V8AudioContext::constructorCallback):
* bindings/v8/custom/V8SVGLengthCustom.cpp:
(WebCore::V8SVGLength::convertToSpecifiedUnitsCallback):
* bindings/v8/custom/V8WebSocketCustom.cpp:
(WebCore::V8WebSocket::constructorCallback):
(WebCore::V8WebSocket::sendCallback):
* bindings/v8/custom/V8XMLHttpRequestCustom.cpp:
(WebCore::V8XMLHttpRequest::openCallback):
2012-04-27 Kenneth Russell <kbr@google.com>
Remove SHADER_COMPILER constant
https://bugs.webkit.org/show_bug.cgi?id=85115
Reviewed by Darin Adler.
Removed constant which was previously removed from spec. Updated
layout test and expected results.
* html/canvas/WebGLRenderingContext.idl:
2012-04-27 Arvid Nilsson <anilsson@rim.com>
[BlackBerry] Fixed background is scrolling in http://www.nieuwecode.nlhttps://bugs.webkit.org/show_bug.cgi?id=85109
Reviewed by Antonio Gomes.
Since the BlackBerry port uses very similar fixed position acceleration
as the Qt WebKit2 port, the same fix that worked for them in bug 83980
works for us.
Fixed by opting in to the FIXED_POSITION_CREATES_STACKING_CONTEXT
mechanism.
Covered by existing manual test fixed-position-no-z-index.html.
* css/StyleResolver.cpp:
2012-04-27 Nat Duca <nduca@chromium.org>
Expose high-resolution on requestAnimationFrame callback
https://bugs.webkit.org/show_bug.cgi?id=66683
This changes requestAnimationFrame's animationStartTime argument
to be a high resolution DOM timestamp, per disucssion here:
http://lists.w3.org/Archives/Public/public-web-perf/2012Apr/0004.html
Reviewed by James Robinson.
Covered by existing requestAnimationFrame tests.
* dom/Document.cpp:
(WebCore::Document::serviceScriptedAnimations):
* dom/Document.h:
(Document):
* dom/ScriptedAnimationController.cpp:
(WebCore::ScriptedAnimationController::ScriptedAnimationController):
(WebCore::ScriptedAnimationController::serviceScriptedAnimations):
(WebCore):
(WebCore::ScriptedAnimationController::windowScreenDidChange):
(WebCore::ScriptedAnimationController::scheduleAnimation):
(WebCore::ScriptedAnimationController::animationTimerFired):
(WebCore::ScriptedAnimationController::displayRefreshFired):
* dom/ScriptedAnimationController.h:
(ScriptedAnimationController):
* page/FrameView.cpp:
(WebCore::FrameView::serviceScriptedAnimations):
* page/FrameView.h:
(FrameView):
* platform/graphics/DisplayRefreshMonitor.cpp:
(WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
(WebCore::DisplayRefreshMonitor::notifyClients):
* platform/graphics/DisplayRefreshMonitor.h:
(DisplayRefreshMonitor):
* platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp:
(WebCore::DisplayRefreshMonitor::displayLinkFired):
* platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
(WebCore):
(WebCore::DisplayRefreshMonitor::requestRefreshCallback):
(WebCore::DisplayRefreshMonitor::displayLinkFired):
2012-04-27 Kentaro Hara <haraken@chromium.org>
[V8] Implement a helper method V8Proxy::throwNotEnoughArgumentsError()
https://bugs.webkit.org/show_bug.cgi?id=85097
Reviewed by Kenneth Russell.
In bug 84787, kbr requested to avoid hard-coding
throwError("Not enough arguments", V8Proxy::TypeError) here and there.
This patch implements V8Proxy::throwNotEnoughArgumentsError()
and uses it in V8 bindings.
No tests. No change in behavior.
* bindings/scripts/CodeGeneratorV8.pm:
(GenerateArgumentsCountCheck):
(GenerateEventConstructorCallback):
* bindings/v8/V8Proxy.cpp:
(WebCore::V8Proxy::throwNotEnoughArgmentsError):
(WebCore):
* bindings/v8/V8Proxy.h:
(V8Proxy):
* bindings/v8/custom/V8DataViewCustom.cpp:
(WebCore::V8DataView::getInt8Callback):
(WebCore::V8DataView::getUint8Callback):
(WebCore::V8DataView::setInt8Callback):
(WebCore::V8DataView::setUint8Callback):
* bindings/v8/custom/V8DirectoryEntryCustom.cpp:
(WebCore::V8DirectoryEntry::getDirectoryCallback):
(WebCore::V8DirectoryEntry::getFileCallback):
* bindings/v8/custom/V8IntentConstructor.cpp:
(WebCore::V8Intent::constructorCallback):
* bindings/v8/custom/V8WebKitMutationObserverCustom.cpp:
(WebCore::V8WebKitMutationObserver::constructorCallback):
(WebCore::V8WebKitMutationObserver::observeCallback):
Test: bindings/scripts/test/TestObj.idl
* bindings/scripts/CodeGeneratorV8.pm: Modified as described above.
(GenerateArgumentsCountCheck):
(GenerateEventConstructorCallback):
* bindings/v8/V8Proxy.cpp: Ditto.
(WebCore::V8Proxy::throwNotEnoughArgumentsError):
(WebCore):
* bindings/v8/V8Proxy.h:
(V8Proxy):
* bindings/v8/custom/V8DataViewCustom.cpp:
(WebCore::V8DataView::getInt8Callback):
(WebCore::V8DataView::getUint8Callback):
(WebCore::V8DataView::setInt8Callback):
(WebCore::V8DataView::setUint8Callback):
* bindings/v8/custom/V8DirectoryEntryCustom.cpp:
(WebCore::V8DirectoryEntry::getDirectoryCallback):
(WebCore::V8DirectoryEntry::getFileCallback):
* bindings/v8/custom/V8IntentConstructor.cpp:
(WebCore::V8Intent::constructorCallback):
* bindings/v8/custom/V8WebKitMutationObserverCustom.cpp:
(WebCore::V8WebKitMutationObserver::constructorCallback):
(WebCore::V8WebKitMutationObserver::observeCallback):
* bindings/scripts/test/V8/V8Float64Array.cpp: Updated run-bindings-tests.
(WebCore::Float64ArrayV8Internal::fooCallback):
* bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
(WebCore::TestActiveDOMObjectV8Internal::excitingFunctionCallback):
(WebCore::TestActiveDOMObjectV8Internal::postMessageCallback):
* bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp:
(WebCore::TestCustomNamedGetterV8Internal::anotherFunctionCallback):
* bindings/scripts/test/V8/V8TestEventConstructor.cpp:
(WebCore::V8TestEventConstructor::constructorCallback):
* bindings/scripts/test/V8/V8TestEventTarget.cpp:
(WebCore::TestEventTargetV8Internal::itemCallback):
(WebCore::TestEventTargetV8Internal::dispatchEventCallback):
* bindings/scripts/test/V8/V8TestInterface.cpp:
(WebCore::TestInterfaceV8Internal::supplementalMethod2Callback):
(WebCore::V8TestInterface::constructorCallback):
* bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp:
(WebCore::TestMediaQueryListListenerV8Internal::methodCallback):
* bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
(WebCore::V8TestNamedConstructorConstructorCallback):
* bindings/scripts/test/V8/V8TestObj.cpp:
(WebCore::TestObjV8Internal::voidMethodWithArgsCallback):
(WebCore::TestObjV8Internal::intMethodWithArgsCallback):
(WebCore::TestObjV8Internal::objMethodWithArgsCallback):
(WebCore::TestObjV8Internal::methodWithSequenceArgCallback):
(WebCore::TestObjV8Internal::methodReturningSequenceCallback):
(WebCore::TestObjV8Internal::methodThatRequiresAllArgsAndThrowsCallback):
(WebCore::TestObjV8Internal::serializedValueCallback):
(WebCore::TestObjV8Internal::idbKeyCallback):
(WebCore::TestObjV8Internal::optionsObjectCallback):
(WebCore::TestObjV8Internal::methodWithNonOptionalArgAndOptionalArgCallback):
(WebCore::TestObjV8Internal::methodWithNonOptionalArgAndTwoOptionalArgsCallback):
(WebCore::TestObjV8Internal::methodWithCallbackArgCallback):
(WebCore::TestObjV8Internal::methodWithNonCallbackArgAndCallbackArgCallback):
(WebCore::TestObjV8Internal::overloadedMethod1Callback):
(WebCore::TestObjV8Internal::overloadedMethod2Callback):
(WebCore::TestObjV8Internal::overloadedMethod3Callback):
(WebCore::TestObjV8Internal::overloadedMethod4Callback):
(WebCore::TestObjV8Internal::overloadedMethod5Callback):
(WebCore::TestObjV8Internal::overloadedMethod6Callback):
(WebCore::TestObjV8Internal::overloadedMethod7Callback):
(WebCore::TestObjV8Internal::overloadedMethod11Callback):
(WebCore::TestObjV8Internal::overloadedMethod12Callback):
(WebCore::TestObjV8Internal::enabledAtRuntimeMethod1Callback):
(WebCore::TestObjV8Internal::enabledAtRuntimeMethod2Callback):
(WebCore::TestObjV8Internal::convert1Callback):
(WebCore::TestObjV8Internal::convert2Callback):
(WebCore::TestObjV8Internal::convert3Callback):
(WebCore::TestObjV8Internal::convert4Callback):
(WebCore::TestObjV8Internal::convert5Callback):
(WebCore::TestObjV8Internal::strictFunctionCallback):
(WebCore::V8TestObj::constructorCallback):
* bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
(WebCore::TestSerializedScriptValueInterfaceV8Internal::acceptTransferListCallback):
(WebCore::V8TestSerializedScriptValueInterface::constructorCallback):
2012-04-27 Mark Pilgrim <pilgrim@chromium.org>
[Chromium] Call lowMemoryUsageMB directly
https://bugs.webkit.org/show_bug.cgi?id=84840
Reviewed by Kentaro Hara.
Part of a refactoring series. See tracking bug 82948.
* bindings/v8/V8GCController.cpp:
(WebCore::V8GCController::checkMemoryUsage):
* platform/MemoryUsageSupport.cpp:
(WebCore::MemoryUsageSupport::lowMemoryUsageMB):
(WebCore):
* platform/MemoryUsageSupport.h:
(MemoryUsageSupport):
* platform/chromium/MemoryUsageSupportChromium.cpp:
(WebCore::MemoryUsageSupport::lowMemoryUsageMB):
(WebCore):
* platform/chromium/PlatformSupport.h:
(PlatformSupport):
2012-04-27 Yi Shen <yi.4.shen@nokia.com>
REGRESSION(113723): Pressing enter in this list example deletes the whole list
https://bugs.webkit.org/show_bug.cgi?id=85016
Reviewed by Enrica Casucci.
The bug was caused by CompositeEditCommand::breakOutOfEmptyListItem, which calls isListItem
on the empty list's siblings to decide which part of the list should get removed. However,
the check fails when the empty list's sibling is a text node, or a list element (e.g. ul, ol).
Fixed it by skipping empty list's non-element sibling and calling isListElement to do further
check.
Test: added new test cases in the existing test (break-out-of-empty-list-item.html)
* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::breakOutOfEmptyListItem):
2012-04-27 Ian Vollick <vollick@chromium.org>
[chromium] Add pause and resume support for accelerated css animations.
https://bugs.webkit.org/show_bug.cgi?id=84601
Reviewed by James Robinson.
Tested in:
CCLayerAnimationControllerTest.syncPauseResume
CCActiveAnimationTest.TrimTimeTimeOffset
CCActiveAnimationTest.TrimTimeSuspendResume
CCActiveAnimationTest.IsFinishedNeedsSynchronizedStartTime
CCActiveAnimationTest.RunStateChangesIgnoredWhileSuspended
* platform/graphics/chromium/GraphicsLayerChromium.cpp:
(WebCore::GraphicsLayerChromium::suspendAnimations):
(WebCore::GraphicsLayerChromium::resumeAnimations):
* platform/graphics/chromium/GraphicsLayerChromium.h:
(GraphicsLayerChromium):
* platform/graphics/chromium/LayerChromium.cpp:
(WebCore::LayerChromium::suspendAnimations):
(WebCore::LayerChromium::resumeAnimations):
* platform/graphics/chromium/LayerChromium.h:
(LayerChromium):
* platform/graphics/chromium/cc/CCActiveAnimation.cpp:
(WebCore::CCActiveAnimation::CCActiveAnimation):
(WebCore::CCActiveAnimation::setRunState):
(WebCore::CCActiveAnimation::suspend):
(WebCore::CCActiveAnimation::resume):
(WebCore::CCActiveAnimation::isFinishedAt):
(WebCore::CCActiveAnimation::trimTimeToCurrentIteration):
(WebCore::CCActiveAnimation::cloneForImplThread):
(WebCore::CCActiveAnimation::pushPropertiesTo):
* platform/graphics/chromium/cc/CCActiveAnimation.h:
(CCActiveAnimation):
(WebCore::CCActiveAnimation::setStartTime):
(WebCore::CCActiveAnimation::timeOffset):
(WebCore::CCActiveAnimation::setTimeOffset):
(WebCore::CCActiveAnimation::isFinished):
* platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
(WebCore::CCLayerAnimationController::addAnimation):
(WebCore::CCLayerAnimationController::pauseAnimation):
(WebCore::CCLayerAnimationController::suspendAnimations):
(WebCore::CCLayerAnimationController::resumeAnimations):
(WebCore::CCLayerAnimationController::pushAnimationUpdatesTo):
(WebCore::CCLayerAnimationController::getActiveAnimation):
(WebCore::CCLayerAnimationController::pushNewAnimationsToImplThread):
(WebCore::CCLayerAnimationController::removeAnimationsCompletedOnMainThread):
(WebCore::CCLayerAnimationController::pushPropertiesToImplThread):
(WebCore):
(WebCore::CCLayerAnimationController::tickAnimations):
* platform/graphics/chromium/cc/CCLayerAnimationController.h:
(CCLayerAnimationController):
2012-04-27 Tim Horton <timothy_horton@apple.com>
SMIL animation causes leak of the related Document (and many elements)
https://bugs.webkit.org/show_bug.cgi?id=83856
<rdar://problem/11216047>
Reviewed by Dean Jackson.
The SVGAnimatedProperty cache was previously holding a reference to the properties it contained;
said references were cleared in the SVGAnimatedProperty destructor (which was never called because
there was always one remaining reference from the cache).
The SVGAnimatedProperty cache now holds raw pointers instead of RefPtrs; the SVGAnimateElement now
owns its own SVGAnimatedProperties, both for itself and for any <use/> instances of itself. They're
cleared and destroyed within SVGAnimateElement::targetElementWillChange, at which time they're removed
from the cache.
SVGPropertyTearOffs now keep a reference to their SVGElement (m_contextElement) instead of their SVGAnimatedProperty;
this way, there is no reference cycle, but the animated property (owned by the element) and the element itself are
kept alive until the TearOff is garbage collected.
Tests: svg/animations/smil-leak-dynamically-added-element-instances.svg
svg/animations/smil-leak-elements.svg
svg/animations/smil-leak-element-instances-noBaseValRef.svg
svg/animations/smil-leak-element-instances.svg
svg/animations/svglength-element-removed-crash.svg
* svg/SVGAnimateElement.cpp:
(WebCore::SVGAnimateElement::calculateAnimatedValue):
(WebCore::propertyTypesAreConsistent):
(WebCore::SVGAnimateElement::resetToBaseValue):
(WebCore::SVGAnimateElement::applyResultsToTarget):
(WebCore::SVGAnimateElement::targetElementWillChange):
* svg/SVGAnimateElement.h:
(SVGAnimateElement):
* svg/SVGAnimatedAngle.cpp:
(WebCore::SVGAnimatedAngleAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedAngleAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedAngleAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedAngleAnimator::animValWillChange):
(WebCore::SVGAnimatedAngleAnimator::animValDidChange):
* svg/SVGAnimatedAngle.h:
(SVGAnimatedAngleAnimator):
* svg/SVGAnimatedBoolean.cpp:
(WebCore::SVGAnimatedBooleanAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedBooleanAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedBooleanAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedBooleanAnimator::animValWillChange):
(WebCore::SVGAnimatedBooleanAnimator::animValDidChange):
* svg/SVGAnimatedBoolean.h:
(SVGAnimatedBooleanAnimator):
* svg/SVGAnimatedColor.h:
(WebCore::SVGAnimatedColorAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedColorAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedColorAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedColorAnimator::animValWillChange):
(WebCore::SVGAnimatedColorAnimator::animValDidChange):
* svg/SVGAnimatedEnumeration.cpp:
(WebCore::SVGAnimatedEnumerationAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedEnumerationAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedEnumerationAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedEnumerationAnimator::animValWillChange):
(WebCore::SVGAnimatedEnumerationAnimator::animValDidChange):
* svg/SVGAnimatedEnumeration.h:
(SVGAnimatedEnumerationAnimator):
* svg/SVGAnimatedInteger.cpp:
(WebCore::SVGAnimatedIntegerAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedIntegerAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedIntegerAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedIntegerAnimator::animValWillChange):
(WebCore::SVGAnimatedIntegerAnimator::animValDidChange):
* svg/SVGAnimatedInteger.h:
(SVGAnimatedIntegerAnimator):
* svg/SVGAnimatedIntegerOptionalInteger.cpp:
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::animValWillChange):
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::animValDidChange):
* svg/SVGAnimatedIntegerOptionalInteger.h:
(SVGAnimatedIntegerOptionalIntegerAnimator):
* svg/SVGAnimatedLength.cpp:
(WebCore::SVGAnimatedLengthAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedLengthAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedLengthAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedLengthAnimator::animValWillChange):
(WebCore::SVGAnimatedLengthAnimator::animValDidChange):
* svg/SVGAnimatedLength.h:
(SVGAnimatedLengthAnimator):
* svg/SVGAnimatedLengthList.cpp:
(WebCore::SVGAnimatedLengthListAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedLengthListAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedLengthListAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedLengthListAnimator::animValWillChange):
(WebCore::SVGAnimatedLengthListAnimator::animValDidChange):
* svg/SVGAnimatedLengthList.h:
(SVGAnimatedLengthListAnimator):
* svg/SVGAnimatedNumber.cpp:
(WebCore::SVGAnimatedNumberAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedNumberAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedNumberAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedNumberAnimator::animValWillChange):
(WebCore::SVGAnimatedNumberAnimator::animValDidChange):
* svg/SVGAnimatedNumber.h:
(SVGAnimatedNumberAnimator):
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedNumberListAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedNumberListAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedNumberListAnimator::animValWillChange):
(WebCore::SVGAnimatedNumberListAnimator::animValDidChange):
* svg/SVGAnimatedNumberList.h:
(SVGAnimatedNumberListAnimator):
* svg/SVGAnimatedNumberOptionalNumber.cpp:
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::animValWillChange):
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::animValDidChange):
* svg/SVGAnimatedNumberOptionalNumber.h:
(SVGAnimatedNumberOptionalNumberAnimator):
* svg/SVGAnimatedPath.cpp:
(WebCore::SVGAnimatedPathAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedPathAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedPathAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedPathAnimator::animValWillChange):
(WebCore::SVGAnimatedPathAnimator::animValDidChange):
* svg/SVGAnimatedPath.h:
(SVGAnimatedPathAnimator):
* svg/SVGAnimatedPointList.cpp:
(WebCore::SVGAnimatedPointListAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedPointListAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedPointListAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedPointListAnimator::animValWillChange):
(WebCore::SVGAnimatedPointListAnimator::animValDidChange):
* svg/SVGAnimatedPointList.h:
(SVGAnimatedPointListAnimator):
* svg/SVGAnimatedPreserveAspectRatio.cpp:
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::animValWillChange):
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::animValDidChange):
* svg/SVGAnimatedPreserveAspectRatio.h:
(SVGAnimatedPreserveAspectRatioAnimator):
* svg/SVGAnimatedRect.cpp:
(WebCore::SVGAnimatedRectAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedRectAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedRectAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedRectAnimator::animValWillChange):
(WebCore::SVGAnimatedRectAnimator::animValDidChange):
* svg/SVGAnimatedRect.h:
(SVGAnimatedRectAnimator):
* svg/SVGAnimatedString.cpp:
(WebCore::SVGAnimatedStringAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedStringAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedStringAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedStringAnimator::animValWillChange):
(WebCore::SVGAnimatedStringAnimator::animValDidChange):
* svg/SVGAnimatedString.h:
(SVGAnimatedStringAnimator):
* svg/SVGAnimatedTransformList.cpp:
(WebCore::SVGAnimatedTransformListAnimator::startAnimValAnimation):
(WebCore::SVGAnimatedTransformListAnimator::stopAnimValAnimation):
(WebCore::SVGAnimatedTransformListAnimator::resetAnimValToBaseVal):
(WebCore::SVGAnimatedTransformListAnimator::animValWillChange):
(WebCore::SVGAnimatedTransformListAnimator::animValDidChange):
* svg/SVGAnimatedTransformList.h:
(SVGAnimatedTransformListAnimator):
* svg/SVGAnimatedTypeAnimator.h:
(SVGAnimatedTypeAnimator):
(WebCore::SVGAnimatedTypeAnimator::findAnimatedPropertiesForAttributeName):
(WebCore::SVGAnimatedTypeAnimator::findAnimatedPropertiesFromInstancesForAttributeName):
(WebCore::SVGAnimatedTypeAnimator::constructFromBaseValue):
(WebCore::SVGAnimatedTypeAnimator::resetFromBaseValue):
(WebCore::SVGAnimatedTypeAnimator::stopAnimValAnimationForType):
(WebCore::SVGAnimatedTypeAnimator::animValDidChangeForType):
(WebCore::SVGAnimatedTypeAnimator::animValWillChangeForType):
(WebCore::SVGAnimatedTypeAnimator::constructFromBaseValues):
(WebCore::SVGAnimatedTypeAnimator::resetFromBaseValues):
(WebCore::SVGAnimatedTypeAnimator::stopAnimValAnimationForTypes):
(WebCore::SVGAnimatedTypeAnimator::animValDidChangeForTypes):
(WebCore::SVGAnimatedTypeAnimator::animValWillChangeForTypes):
(WebCore::SVGAnimatedTypeAnimator::castAnimatedPropertyToActualType):
(WebCore::SVGAnimatedTypeAnimator::executeAction):
* svg/properties/SVGAnimatedProperty.h:
(SVGAnimatedProperty):
* svg/properties/SVGPropertyTearOff.h:
(WebCore::SVGPropertyTearOff::animatedProperty):
(SVGPropertyTearOff):
2012-04-27 Adam Klein <adamk@chromium.org>
Remove misspelled, unused, unimplemented method from V8Proxy
https://bugs.webkit.org/show_bug.cgi?id=85091
Reviewed by Dimitri Glazkov.
* bindings/v8/V8Proxy.h:
(V8Proxy):
2012-04-24 Jeffrey Pfau <jpfau@apple.com>
Disable RTF in JavaScript drag-and-drop
https://bugs.webkit.org/show_bug.cgi?id=76597
Reviewed by Maciej Stachowiak.
Test: fast/events/drag-and-drop-subframe-dataTransfer.html
* platform/mac/ClipboardMac.mm:
(WebCore::cocoaTypeFromHTMLClipboardType):
2012-04-26 James Robinson <jamesr@chromium.org>
[chromium] Separate IOSurface layer type from texture layers
https://bugs.webkit.org/show_bug.cgi?id=85030
Reviewed by Adrienne Walker.
Adds a new layer type for IOSurface layers and pipes through a separate path through to rendering. IOSurface
layers are very simple - they have an IOSurface id and size, nothing else. All IOSurface layers are "flipped" in
our terminology.
* WebCore.gypi:
* platform/graphics/chromium/IOSurfaceLayerChromium.cpp:
(WebCore):
(WebCore::IOSurfaceLayerChromium::create):
(WebCore::IOSurfaceLayerChromium::IOSurfaceLayerChromium):
(WebCore::IOSurfaceLayerChromium::~IOSurfaceLayerChromium):
(WebCore::IOSurfaceLayerChromium::setIOSurfaceProperties):
(WebCore::IOSurfaceLayerChromium::createCCLayerImpl):
(WebCore::IOSurfaceLayerChromium::drawsContent):
(WebCore::IOSurfaceLayerChromium::pushPropertiesTo):
* platform/graphics/chromium/IOSurfaceLayerChromium.h:
(WebCore):
(IOSurfaceLayerChromium):
* platform/graphics/chromium/LayerRendererChromium.cpp:
(WebCore::LayerRendererChromium::drawIOSurfaceQuad):
(WebCore::LayerRendererChromium::cleanupSharedObjects):
* platform/graphics/chromium/LayerRendererChromium.h:
(LayerRendererChromium):
* platform/graphics/chromium/TextureLayerChromium.cpp:
(WebCore::TextureLayerChromium::TextureLayerChromium):
(WebCore::TextureLayerChromium::drawsContent):
(WebCore::TextureLayerChromium::pushPropertiesTo):
* platform/graphics/chromium/TextureLayerChromium.h:
(TextureLayerChromium):
* platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.cpp:
(WebCore::CCIOSurfaceDrawQuad::create):
(WebCore::CCIOSurfaceDrawQuad::CCIOSurfaceDrawQuad):
* platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.h:
(CCIOSurfaceDrawQuad):
* platform/graphics/chromium/cc/CCIOSurfaceLayerImpl.cpp:
(WebCore):
(WebCore::CCIOSurfaceLayerImpl::CCIOSurfaceLayerImpl):
(WebCore::CCIOSurfaceLayerImpl::~CCIOSurfaceLayerImpl):
(WebCore::CCIOSurfaceLayerImpl::willDraw):
(WebCore::CCIOSurfaceLayerImpl::appendQuads):
(WebCore::CCIOSurfaceLayerImpl::dumpLayerProperties):
(WebCore::CCIOSurfaceLayerImpl::didLoseContext):
(WebCore::CCIOSurfaceLayerImpl::setIOSurfaceProperties):
* platform/graphics/chromium/cc/CCIOSurfaceLayerImpl.h:
(WebCore):
(CCIOSurfaceLayerImpl):
(WebCore::CCIOSurfaceLayerImpl::create):
* platform/graphics/chromium/cc/CCTextureLayerImpl.cpp:
(WebCore::CCTextureLayerImpl::CCTextureLayerImpl):
(WebCore::CCTextureLayerImpl::~CCTextureLayerImpl):
(WebCore::CCTextureLayerImpl::appendQuads):
(WebCore::CCTextureLayerImpl::didLoseContext):
* platform/graphics/chromium/cc/CCTextureLayerImpl.h:
(CCTextureLayerImpl):
2012-04-27 Arvid Nilsson <anilsson@rim.com>
[BlackBerry] OpenGL related bug fixes
https://bugs.webkit.org/show_bug.cgi?id=84836
Reviewed by Antonio Gomes.
PR147254, 148933, 149117, 149721, 150228
No new tests, covered by existing BlackBerry browser stress tests
* platform/graphics/blackberry/CanvasLayerWebKitThread.cpp:
(WebCore::CanvasLayerWebKitThread::updateTextureContentsIfNeeded):
* platform/graphics/blackberry/LayerCompositingThread.cpp:
(WebCore::LayerCompositingThread::drawTextures):
* platform/graphics/blackberry/LayerRenderer.cpp:
(WebCore::LayerRenderer::~LayerRenderer):
(WebCore::LayerRenderer::drawLayers):
(WebCore::LayerRenderer::initializeSharedGLObjects):
2012-04-27 Nat Duca <nduca@chromium.org>
Implement high-resolution time via window.performance.webkitNow()
https://bugs.webkit.org/show_bug.cgi?id=66684
This implements the high resolution time spec from
http://www.w3.org/TR/hr-time/, giving javascript access to
sub-millisecond timestamps that increase over time instead of being
subject to skewing, for example when the host machine's clock changes.
Reviewed by Tony Gentilcore.
Test: fast/performance/performance-now-timestamps.html
* page/Performance.cpp:
(WebCore::Performance::now):
(WebCore):
* page/Performance.h:
(Performance):
* page/Performance.idl:
2012-04-27 Filip Pizlo <fpizlo@apple.com>
If you get a list of DOMWrapperWorld*'s and then plan to allocate in the heap, you should ref
the DOMWrapperWorld*'s
https://bugs.webkit.org/show_bug.cgi?id=85098
<rdar://problem/11318170>
Reviewed by Sam Weinig.
No new tests because this addresses hard-to-repro flaky behavior arising from GCs at inconvenient
times.
* bindings/js/ScriptController.cpp:
(WebCore::ScriptController::getAllWorlds):
* bindings/js/ScriptController.h:
(ScriptController):
* bindings/js/WebCoreJSClientData.h:
(WebCore::WebCoreJSClientData::getAllWorlds):
* bindings/v8/ScriptController.cpp:
(WebCore::ScriptController::getAllWorlds):
* bindings/v8/ScriptController.h:
(ScriptController):
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds):
(WebCore::FrameLoader::dispatchGlobalObjectAvailableInAllWorlds):
2012-04-27 Geoffrey Garen <ggaren@apple.com>
Removed the sole use of Weak<Unknown>
https://bugs.webkit.org/show_bug.cgi?id=85099
Reviewed by Sam Weinig.
The semantics and implementation of Weak<Unknown> are unclear because:
- Should you call a finalizer for a non-GC thingy? If so, when?
* Possible answer: No.
- If WeakImpls for GC thingies live with the GC thingies in the
heap, where do WeakImpls for non-GC thingies live?
* Possible answer: Directly in the Weak<T>.
Since no clients actually want these behaviors, it's hard to tell if
they're the right behaviors, and it's not worth the implementation
complexity. If we come up with a client that wants these behaviors, we
can always revisit this.
* bindings/js/JSNodeFilterCondition.cpp:
(WebCore::JSNodeFilterCondition::JSNodeFilterCondition): Just leave our
filter NULL if it's not an object -- that's a better way to indicate
"not a valid filter object".
(WebCore::JSNodeFilterCondition::acceptNode): Fixed up some naming to
clarify that the object we're working with is not necessarily a function.
* bindings/js/JSNodeFilterCondition.h:
(JSNodeFilterCondition): Use Weak<JSObject>, since that more closely
matches what we're trying to do.
2012-04-26 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to getDOMXXXMap()
https://bugs.webkit.org/show_bug.cgi?id=85022
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
This patch passes Isolate to getDOMXXXMap().
Also this patch removes DOMMap::getDOMDataStore() and
DOMData::getDefalutStore(), since the indirection by the
methods is redundant. This is not for performance
optimization but just for refactoring.
No tests. No change in behavior.
* bindings/v8/DOMData.cpp:
(WebCore::DOMData::getCurrentStore):
* bindings/v8/DOMData.h:
(DOMData):
* bindings/v8/V8DOMMap.cpp:
(WebCore::getDOMNodeMap):
(WebCore::getActiveDOMNodeMap):
(WebCore::getDOMObjectMap):
(WebCore::getActiveDOMObjectMap):
(WebCore::removeAllDOMObjects):
* bindings/v8/V8DOMMap.h:
(WebCore):
2012-04-26 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to V8BindingPerIsolateData::current()
https://bugs.webkit.org/show_bug.cgi?id=85023
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
This patch passes Isolate to V8BindingPerIsolateData::current().
No tests. No change in behavior.
* bindings/v8/V8Binding.h:
(WebCore::V8BindingPerIsolateData::current):
(WebCore::v8ExternalString):
2012-04-27 Dimitri Glazkov <dglazkov@chromium.org>
Unreviewed, rolling out r115484.
http://trac.webkit.org/changeset/115484https://bugs.webkit.org/show_bug.cgi?id=84555
Broke Chromium compile.
* bindings/js/JSBlobCustom.cpp:
* bindings/v8/custom/V8BlobCustom.cpp:
* fileapi/Blob.cpp:
* fileapi/Blob.h:
(Blob):
* fileapi/Blob.idl:
* workers/WorkerContext.idl:
2012-04-27 Alexandru Chiculita <achicu@adobe.com>
[CSS Shaders] Implement CSS Animations and Transitions for CSS Shaders
https://bugs.webkit.org/show_bug.cgi?id=71406
Reviewed by Dean Jackson.
I've implemented the blend function for the CustomFilterOperation. This should enable animations for CSS Shaders.
Currently, just floats are implemented. If any of the filter attributes like shader, mesh size or box mode are different,
the fallback is to use the "to" part of the animation instead. If other shader parameters do not match, it will merge the parameter values
between the "from" and "to" states.
Test: css3/filters/custom/custom-filter-animation.html
* platform/graphics/filters/CustomFilterNumberParameter.h:
(WebCore::CustomFilterNumberParameter::blend):
(CustomFilterNumberParameter):
(WebCore::CustomFilterNumberParameter::operator==):
* platform/graphics/filters/CustomFilterOperation.cpp:
(WebCore::equalCustomFilterParameters):
(WebCore):
(WebCore::checkCustomFilterParametersOrder):
(WebCore::blendCustomFilterParameters):
(WebCore::CustomFilterOperation::CustomFilterOperation):
(WebCore::CustomFilterOperation::blend):
* platform/graphics/filters/CustomFilterOperation.h:
(WebCore):
(CustomFilterOperation):
(WebCore::CustomFilterOperation::operator==):
(WebCore::CustomFilterOperation::operator!=):
* platform/graphics/filters/CustomFilterParameter.h:
(CustomFilterParameter):
(WebCore::CustomFilterParameter::isSameType):
(WebCore::CustomFilterParameter::operator==):
(WebCore::CustomFilterParameter::operator!=):
* platform/graphics/filters/CustomFilterProgram.h:
* rendering/style/StyleCustomFilterProgram.h:
(StyleCustomFilterProgram):
(WebCore::StyleCustomFilterProgram::cachedVertexShader):
(WebCore::StyleCustomFilterProgram::cachedFragmentShader):
(WebCore::StyleCustomFilterProgram::operator==):
2012-04-27 Chris Rogers <crogers@google.com>
Re-factor scheduling logic from AudioBufferSourceNode into AudioScheduledSourceNode
https://bugs.webkit.org/show_bug.cgi?id=84639
Reviewed by Eric Carlson.
Playback logic involving noteOn(), noteOff(), and playbackState were intertwined with
the AudioBufferSourceNode's buffer playback code. These are more general concepts and
may be implemented separately in another class called AudioScheduledSourceNode.
No new tests. Covered by existing layout tests.
* GNUmakefile.list.am:
Add AudioScheduledSourceNode files to makefile.
* Modules/webaudio/AudioBufferSourceNode.cpp:
(WebCore):
(WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
Re-factor some member variables into new base class AudioScheduledSourceNode.
(WebCore::AudioBufferSourceNode::process):
Re-factor scheduling logic into AudioScheduledSourceNode.
* Modules/webaudio/AudioBufferSourceNode.h:
(AudioBufferSourceNode):
Simplify by re-factoring scheduling logic into AudioScheduledSourceNode.
* Modules/webaudio/AudioScheduledSourceNode.cpp: Added.
(WebCore):
(WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
(WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
Get frame information for the current time quantum.
* Modules/webaudio/AudioScheduledSourceNode.h: Added.
(WebCore::AudioScheduledSourceNode::noteOn):
(WebCore::AudioScheduledSourceNode::noteOff):
(WebCore::AudioScheduledSourceNode::finish):
(WebCore::AudioScheduledSourceNode::playbackState):
(WebCore::AudioScheduledSourceNode::isPlayingOrScheduled):
(WebCore::AudioScheduledSourceNode::hasFinished):
Re-factored from AudioBufferSourceNode.
* WebCore.gypi:
* WebCore.xcodeproj/project.pbxproj:
Add AudioScheduledSourceNode files to makefiles.
2012-04-26 Sam Weinig <sam@webkit.org>
Add support for the Blob constructor
https://bugs.webkit.org/show_bug.cgi?id=84555
Reviewed by Maciej Stachowiak.
Test: fast/files/blob-constructor.html
This adds an implementation of the Blob constructor that willfully
violates the W3C Editor’s Draft 29 February 2012 in the following ways:
- Elements in the parts array are coerced to DOMStrings https://www.w3.org/Bugs/Public/show_bug.cgi?id=16721
- Don't throw for invalid key in the dictionary https://www.w3.org/Bugs/Public/show_bug.cgi?id=16727
- Values for the endings property are treated as enums https://www.w3.org/Bugs/Public/show_bug.cgi?id=16729
* bindings/js/JSBlobCustom.cpp:
(WebCore::JSBlobConstructor::constructJSBlob):
Implement blob constructor.
* bindings/v8/custom/V8BlobCustom.cpp:
(WebCore::V8Blob::constructorCallback):
Implement blob constructor.
* fileapi/Blob.idl:
Add constructor to IDL.
* workers/WorkerContext.idl:
Add Blob constructor to the worker global object.
2012-04-27 Allan Sandfeld Jensen <allan.jensen@nokia.com>
[Qt] Fix minimal build.
https://bugs.webkit.org/show_bug.cgi?id=85045
Reviewed by Tor Arne Vestbø.
Compile LIBXML XML parser even if ENABLE_XSLT is not set.
* Target.pri:
2012-04-27 Shawn Singh <shawnsingh@chromium.org>
Infinite backgroundClipRect should not be scrolled.
https://bugs.webkit.org/show_bug.cgi?id=84979
Reviewed by Adrienne Walker.
Test: compositing/iframes/scroll-fixed-transformed-element.html
By accidentally scrolling clipRects that should be considered
"infinite", they were no longer being considered infinite. This
caused a chain of un-intended code paths that caused fixed
position elements to stutter when scrolling in Chromium.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::backgroundClipRect):
2012-04-27 Ryosuke Niwa <rniwa@webkit.org>
FormatBlock crashes when body element is removed prior to the command execution
https://bugs.webkit.org/show_bug.cgi?id=84937
Reviewed by Tony Chang.
The crash was because because DOM had been modified since the last time selection had been "validated",
and therefore frame selection's endpoints are no longer visible when we instantiated visibleStart
and visibleEnd from m_endingSelection of the edit command.
Fixed the bug by checking the nullity and orphanedness of visible start and visible end directly.
I suspect we have similar bugs in other commands. The fundamental problem is that the copy constructor
of VisibleSelection never validates so when a VisibleSelection is passed from one class to another
(e.g. FrameSelection to EditCommand), we may not adjust end points as needed.
Test: editing/execCommand/format-block-without-body-crash.html
* editing/ApplyBlockElementCommand.cpp:
(WebCore::ApplyBlockElementCommand::doApply):
2012-04-27 Enrica Casucci <enrica@apple.com>
REGRESSION(r96257): Deleting a large amount of text is very slow.
https://bugs.webkit.org/show_bug.cgi?id=83983
<rdar://problem/10826076>
Reviewed by Ryosuke Niwa.
The change in r96257 did not cause the performance regression per se,
but exposed a problem in the way we calculate the offset in container
node when the anchorType is PositionIsOffsetInAnchor.
The offset was computed as the minimum between the given offset and
lastOffsetInNode. If the container has a very large number of children,
we walk the entire list of child nodes in the container simply to find
out how many they are.
Looking through the entire editing code, I found other 2 cases (one
is only an ASSERT) where we could do a similar optimization.
No new tests. No behavior change, only performance optimization.
* dom/Position.cpp:
(WebCore::Position::computeOffsetInContainerNode):
* dom/Position.h:
(WebCore::minOffsetForNode):
(WebCore::offsetIsBeforeLastNodeOffset):
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::removeInlineStyle):
(WebCore::ApplyStyleCommand::mergeEndWithNextIfIdentical):
2012-04-27 Julien Chaffraix <jchaffraix@webkit.org>
NULL-deref in RenderBox::clippedOverflowRectForRepaint
https://bugs.webkit.org/show_bug.cgi?id=84774
Reviewed by Tony Chang.
Test: fast/inline/crash-new-continuation-with-outline.html
The bug comes from trying to repaint the :after content as part of updateBeforeAfterContent.
The repainting logic would query the yet-to-be-inserted continuation(). Then we would crash in
RenderBox::clippedOverflowRectForRepaint as we didn't have an enclosingLayer() (which any
RenderObject in the tree will have).
The fix is to check in RenderInline::clippedOverflowRectForRepaint that our continuation()
is properly inserted in the tree. We could check that it isRooted() but it's an overkill here.
* rendering/RenderInline.cpp:
(WebCore::RenderInline::clippedOverflowRectForRepaint):
2012-04-27 Antti Koivisto <antti@apple.com>
Memory cache pruning should be protected against reentering.
https://bugs.webkit.org/show_bug.cgi?id=85077
Reviewed by Alexey Proskuryakov.
MemoryCache::pruneDeadResourcesToSize() has some ad-hock protection against reentering.
This patch adds more complete protection.
* loader/cache/MemoryCache.cpp:
(WebCore::MemoryCache::MemoryCache):
(WebCore::MemoryCache::pruneLiveResourcesToSize):
Protect live resource pruning too.
(WebCore::MemoryCache::pruneDeadResourcesToSize):
Remove the existing weak reentrancy handling in favor of full proctection.
* loader/cache/MemoryCache.h:
(MemoryCache):
2012-04-27 Alexander Pavlov <apavlov@chromium.org>
Web Inspector: Implement the "Disable JavaScript" option in the settings dialog
(re-landing r115417 with a test that should work on Windows.)
https://bugs.webkit.org/show_bug.cgi?id=84946
Reviewed by Yury Semikhatsky.
Test: inspector/debugger/disable-script.html
* inspector/Inspector.json:
* inspector/InspectorPageAgent.cpp:
(PageAgentState):
(WebCore::InspectorPageAgent::enable):
(WebCore::InspectorPageAgent::disable):
(WebCore::InspectorPageAgent::getScriptExecutionStatus):
(WebCore):
(WebCore::InspectorPageAgent::setScriptExecutionDisabled):
* inspector/InspectorPageAgent.h:
* inspector/front-end/Settings.js:
* inspector/front-end/SettingsScreen.js:
(WebInspector.SettingsScreen):
(WebInspector.SettingsScreen.prototype.get _updateScriptDisabledCheckbox):
(WebInspector.SettingsScreen.prototype._javaScriptDisabledChanged):
* inspector/front-end/inspector.js:
2012-04-27 Keishi Hattori <keishi@webkit.org>
IETC HTML5: verify HTMLDataListElement - instanceof HTMLDataListElement fails.
https://bugs.webkit.org/show_bug.cgi?id=81196
Reviewed by Kent Tamura.
Test: fast/dom/Window/window-properties.html, fast/dom/Window/window-lookup-precedence.html
HTMLDataListElement should be available on DOMWindow.
* page/DOMWindow.idl: Added HTMLDataListElement.
2012-04-27 Dimitri Glazkov <dglazkov@chromium.org>
Unreviewed, rolling out r115417.
http://trac.webkit.org/changeset/115417https://bugs.webkit.org/show_bug.cgi?id=84946
Added test is broken on windows.
* inspector/Inspector.json:
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::enable):
(WebCore::InspectorPageAgent::disable):
* inspector/InspectorPageAgent.h:
* inspector/front-end/Settings.js:
* inspector/front-end/SettingsScreen.js:
(WebInspector.SettingsScreen):
* inspector/front-end/inspector.js:
2012-04-27 Gavin Peters <gavinp@chromium.org>
Add new ENABLE_LINK_PRERENDER define to control the Prerendering API
https://bugs.webkit.org/show_bug.cgi?id=84871
Reviewed by Adam Barth.
Prerendering is currently covered by the ENABLE_LINK_PREFETCH macro, but the new Prerendering
API separates it from prefetching. Having separate include guards lets ports enable prefetching,
a relatively easy change, without needing to build the infrastructure for prerendering, which
is considerably more complicated.
* Configurations/FeatureDefines.xcconfig:
2012-04-27 Zan Dobersek <zandobersek@gmail.com>
[Gtk][DOM Bindings] Feature-protected properties are put under condition guards
https://bugs.webkit.org/show_bug.cgi?id=85068
Reviewed by Martin Robinson.
Generated feature-dependent properties are now present regardless of that
feature being enabled. On getting or setting that property's value a warning
is thrown if the feature is not enabled. Additionally, if the generated
interface is feature-dependant, when getting or setting any property's value
a warning is thrown if the feature is not enabled.
No new tests - covered by existing bindings tests.
* bindings/scripts/CodeGeneratorGObject.pm:
(GenerateProperty):
(GenerateProperties):
* bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp: Rebaseline.
(webkit_dom_test_interface_set_property):
(webkit_dom_test_interface_get_property):
(webkit_dom_test_interface_class_init):
* bindings/scripts/test/GObject/WebKitDOMTestObj.cpp: Ditto.
(webkit_dom_test_obj_set_property):
(webkit_dom_test_obj_get_property):
(webkit_dom_test_obj_class_init):
* bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp: Ditto.
(webkit_dom_test_serialized_script_value_interface_get_property):
2012-04-27 Zan Dobersek <zandobersek@gmail.com>
[Gtk][DOM Bindings] Conditional string in implementation file generated in wrong place after 113450
https://bugs.webkit.org/show_bug.cgi?id=85065
Reviewed by Martin Robinson.
Put the condition string in implementation file after the header inclusions. This ensures
that build errors do not occur when disabling the future that applies to the condition string
because of WebCore objects and methods that are still in use despite the feature being disabled.
No new tests - covered by bindings tests.
* bindings/scripts/CodeGeneratorGObject.pm:
(WriteData):
* bindings/scripts/test/GObject/WebKitDOMTestCallback.cpp: Rebaseline generated results.
* bindings/scripts/test/GObject/WebKitDOMTestInterface.cpp: Ditto.
* bindings/scripts/test/GObject/WebKitDOMTestSerializedScriptValueInterface.cpp: Ditto.
2012-04-27 Andreas Kling <kling@webkit.org>
Avoid mutating Element attribute storage in StepRange constructor.
<http://webkit.org/b/84797>
Reviewed by Antti Koivisto.
Test: fast/selectors/querySelector-in-range-crash.html
* dom/Attribute.h:
Add comment about the volatility of references returned by getters.
* html/StepRange.cpp:
(WebCore::StepRange::StepRange):
Replace hasAttribute/getAttribute pair by a single fastGetAttribute.
* html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::updateType):
(WebCore::HTMLInputElement::value):
Store the value attribute in an local variable before passing it to sanitizeValue().
2012-04-27 Rob Buis <rbuis@rim.com>
SVG inline style of 'marker-*' does not override
https://bugs.webkit.org/show_bug.cgi?id=84824
Reviewed by Nikolas Zimmermann.
Properly handle CSSValueNone for clip-path, filter, mask and marker-* properties. Instead
of bailing out, set the none value explicitly, since an earlier match may have set it to
something other than none.
Tests: svg/custom/inline-style-overrides-clipPath-expected.svg
svg/custom/inline-style-overrides-clipPath.svg
svg/custom/inline-style-overrides-filter-expected.svg
svg/custom/inline-style-overrides-filter.svg
svg/custom/inline-style-overrides-markers-expected.svg
svg/custom/inline-style-overrides-markers.svg
svg/custom/inline-style-overrides-mask-expected.svg
svg/custom/inline-style-overrides-mask.svg
* css/SVGCSSStyleSelector.cpp:
(WebCore::StyleResolver::applySVGProperty):
2012-04-27 Christophe Dumez <christophe.dumez@intel.com>
[EFL] media/video-controls-rendering-toggle-display-none.html is failing
https://bugs.webkit.org/show_bug.cgi?id=84949
Reviewed by Antonio Gomes.
Fix volume slider rendering so that the
media/video-controls-rendering-toggle-display-none.html passes.
* css/mediaControlsEfl.css:
(audio::-webkit-media-controls-mute-button, video::-webkit-media-controls-mute-button):
(audio::-webkit-media-controls-volume-slider-container, video::-webkit-media-controls-volume-slider-container):
(audio::-webkit-media-controls-volume-slider, video::-webkit-media-controls-volume-slider):
2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com>
Support values animation mode with just a single value
https://bugs.webkit.org/show_bug.cgi?id=85064
Reviewed by Antti Koivisto.
values="a" is equal to <set to="a"> per SMIL specification.
We currently only support values animation if at least two values are given, fix that.
The reference animations in Dr. Olaf Hoffmanns SVG Animation test suite are mostly using
values animations, sometimes with only a single value given. Lots of the reference animations
are broken in trunk w/o this patch and now work as expected.
See http://hoffmann.bplaced.net/svgtest/index.php?s=en&in=start.
Test: svg/animations/single-values-animation.html
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::calculateKeyTimesForCalcModePaced):
(WebCore::SVGAnimationElement::currentValuesForValuesAnimation):
(WebCore::SVGAnimationElement::startedActiveInterval):
2012-04-27 Konrad Piascik <kpiascik@rim.com>
Web Inspector: Allow inspection of Web Socket Frames
https://bugs.webkit.org/show_bug.cgi?id=83282
Reviewed by Pavel Feldman.
Tests: http/tests/inspector/web-socket-frame-error.html
http/tests/inspector/web-socket-frame.html
* English.lproj/localizedStrings.js: Added new Web Inspector front-end UI strings.
* Modules/websockets/WebSocketChannel.cpp: Added InspectorInstrumentation calls to
the following methods.
(WebCore::WebSocketChannel::fail):
(WebCore::WebSocketChannel::processFrame):
(WebCore::WebSocketChannel::sendFrame):
* WebCore.gypi: Added new Web Inspector resource file.
* WebCore.vcproj/WebCore.vcproj: Added new Web Inspector resource file.
* inspector/Inspector.json: Added new Web Inspector resource file.
* inspector/InspectorInstrumentation.cpp: Added new methods for instrumenting a Web Socket frame or error.
(WebCore::InspectorInstrumentation::didReceiveWebSocketFrameImpl):
(WebCore::InspectorInstrumentation::didReceiveWebSocketFrameErrorImpl):
(WebCore::InspectorInstrumentation::didSendWebSocketFrameImpl):
* inspector/InspectorInstrumentation.h:
(WebCore):
(InspectorInstrumentation):
(WebCore::InspectorInstrumentation::didReceiveWebSocketFrame):
(WebCore::InspectorInstrumentation::didReceiveWebSocketFrameError):
(WebCore::InspectorInstrumentation::didSendWebSocketFrame):
* inspector/InspectorResourceAgent.cpp:
(WebCore::InspectorResourceAgent::didReceiveWebSocketFrame):
(WebCore):
(WebCore::InspectorResourceAgent::didSendWebSocketFrame):
(WebCore::InspectorResourceAgent::didReceiveWebSocketFrameError):
* inspector/InspectorResourceAgent.h:
(WebCore):
(InspectorResourceAgent):
* inspector/compile-front-end.py: Added new Web Inspector resource file.
* inspector/front-end/NetworkItemView.js: Added a new View for inspecting Web Socket frames and errors.
(WebInspector.NetworkItemView):
* inspector/front-end/NetworkManager.js: Implemented callback called by InspectorResourceAgent for
the new Web Socket frame and error calls.
(WebInspector.NetworkDispatcher.prototype.webSocketFrameReceived):
(WebInspector.NetworkDispatcher.prototype.webSocketFrameSent):
(WebInspector.NetworkDispatcher.prototype.webSocketFrameError):
* inspector/front-end/NetworkRequest.js: Added a frames array to a Resource request along
with accessor and helper methods
(WebInspector.NetworkRequest):
(WebInspector.NetworkRequest.prototype.resource):
(WebInspector.NetworkRequest.prototype.hasFrames):
(WebInspector.NetworkRequest.prototype.frameLength):
(WebInspector.NetworkRequest.prototype.getFrame):
(WebInspector.NetworkRequest.prototype.addFrameError):
(WebInspector.NetworkRequest.prototype.addFrame):
(WebInspector.NetworkRequest.prototype._pushFrame):
* inspector/front-end/ResourceWebSocketFrameView.js: Added to help display Web Socket frame and error data.
(WebInspector.ResourceWebSocketFrameView):
* inspector/front-end/WebKit.qrc: Added new Web Inspector resource file.
* inspector/front-end/inspector.html: Added new Web Inspector resource file.
2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com>
Fix repetitions & by animation support for SVGAnimateTransformElement
https://bugs.webkit.org/show_bug.cgi?id=85051
Reviewed by Antti Koivisto.
Repetitions are currently handled by adjusting percentage (percentage += repeatCount).
This doesn't work for <animateTransform> as each repetition has to be post-multiplied to the animated transform list. Fix that.
By-animations are equal to values="0;by" animations in SMIL. '0' is the neutral element of addition, which is the _zero_ matrix,
not the identity matrix for SVGTransform. Add a new construction mode to SVGTransform to be able to construct zero transforms.
Tests: svg/animations/animateTransform-accumulation-expected.svg
svg/animations/animateTransform-accumulation.svg
svg/animations/animateTransform-by-scale-expected.svg
svg/animations/animateTransform-by-scale.svg
svg/animations/animateTransform-from-by-from-to-comparision-expected.svg
svg/animations/animateTransform-from-by-from-to-comparision.svg
svg/animations/animateTransform-from-by-scale-additive-sum-expected.svg
svg/animations/animateTransform-from-by-scale-additive-sum.svg
svg/animations/animateTransform-from-by-scale-expected.svg
svg/animations/animateTransform-from-by-scale.svg
svg/animations/animateTransform-rotate-around-point-expected.svg
svg/animations/animateTransform-rotate-around-point.svg
svg/animations/animateTransform-skewX-expected.svg
svg/animations/animateTransform-skewX.svg
svg/animations/animateTransform-skewY-expected.svg
svg/animations/animateTransform-skewY.svg
svg/animations/animateTransform-translate-expected.svg
svg/animations/animateTransform-translate.svg
svg/animations/multiple-animateTransform-additive-sum-expected.svg
svg/animations/multiple-animateTransform-additive-sum.svg
* svg/SVGAnimateTransformElement.cpp:
(WebCore::SVGAnimateTransformElement::parseAttribute):
* svg/SVGAnimatedTransformList.cpp:
(WebCore::SVGAnimatedTransformListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue):
* svg/SVGAnimationElement.h:
(WebCore::SVGAnimationElement::adjustFromToListValues):
* svg/SVGTransform.cpp:
(WebCore::SVGTransform::SVGTransform):
* svg/SVGTransform.h:
* svg/SVGTransformDistance.cpp:
(WebCore::SVGTransformDistance::SVGTransformDistance):
(WebCore::SVGTransformDistance::scaledDistance):
(WebCore::SVGTransformDistance::addSVGTransforms):
(WebCore::SVGTransformDistance::addToSVGTransform):
(WebCore::SVGTransformDistance::distance):
* svg/SVGTransformDistance.h:
(SVGTransformDistance):
2012-04-27 Nikolas Zimmermann <nzimmermann@rim.com>
SVG Animations update baseVal instead of animVal
https://bugs.webkit.org/show_bug.cgi?id=12437
Reviewed by Dirk Schulze.
Cleanup animation code, remove last remaining crufts of the old setAttribute() animation model.
Now only two animation modes remain: animate SVG DOM animVal properties or CSS properties.
Stop caching base values per string in SMILTimeContainer, as it breaks additive="sum" for CSS
properties if the underlying base value is changed from the outside (eg. when calling
style.fontSize="20px", if font-size was 10px, and we're running an additive by-animation with 50px).
This requires us to cache the computed style of a SVGElement, without SMIL style property changes,
in SVGElementRareData, similar to how the computed style itself is cached in ElementRareData.
To be able to compute the base value for a CSS property at any time, we have to exclude any
previous animation effects residing in the SMIL animated style properties, per SMIL2/3 specs.
NOTE: This doesn't change or affect the way CSS Animations/Transitions are applied, we still
have some bugs in that area, but this patch doesn't address them. The idea is to only
remove the cache, to pave the way for future additive="sum" patches.
Tests: svg/animations/change-css-property-while-animating-fill-freeze.html
svg/animations/change-css-property-while-animating-fill-remove.html
* dom/Element.cpp:
(WebCore::Element::recalcStyle):
* dom/Node.h:
* svg/SVGAnimateElement.cpp:
(WebCore::propertyTypesAreConsistent):
(WebCore::SVGAnimateElement::resetToBaseValue):
(WebCore::SVGAnimateElement::applyResultsToTarget):
* svg/SVGAnimateElement.h:
(SVGAnimateElement):
* svg/SVGAnimateMotionElement.cpp:
(WebCore::SVGAnimateMotionElement::resetToBaseValue):
* svg/SVGAnimateMotionElement.h:
(SVGAnimateMotionElement):
* svg/SVGAnimationElement.cpp:
(WebCore::applyCSSPropertyToTarget):
(WebCore::SVGAnimationElement::setTargetAttributeAnimatedCSSValue):
* svg/SVGAnimationElement.h:
* svg/SVGElement.cpp:
(WebCore::SVGElement::SVGElement):
(WebCore::SVGElement::willRecalcStyle):
(WebCore):
(WebCore::SVGElement::rareSVGData):
(WebCore::SVGElement::ensureRareSVGData):
(WebCore::SVGElement::computedStyle):
(WebCore::SVGElement::isAnimatableAttribute):
* svg/SVGElement.h:
(SVGElement):
* svg/SVGElementRareData.h:
(WebCore::SVGElementRareData::SVGElementRareData):
(WebCore::SVGElementRareData::ensureAnimatedSMILStyleProperties):
(WebCore::SVGElementRareData::destroyAnimatedSMILStyleProperties):
(WebCore::SVGElementRareData::overrideComputedStyle):
(WebCore::SVGElementRareData::setUseOverrideComputedStyle):
* svg/animation/SMILTimeContainer.cpp:
(WebCore::SMILTimeContainer::updateAnimations):
* svg/animation/SMILTimeContainer.h:
(SMILTimeContainer):
* svg/animation/SVGSMILElement.h:
(SVGSMILElement):
2012-04-26 Alexander Pavlov <apavlov@chromium.org>
Web Inspector: Implement the "Disable JavaScript" option in the settings dialog
(re-landing r115323 with a fixed test.)
https://bugs.webkit.org/show_bug.cgi?id=84946
Based on user actions in the Inspector frontend, InspectorPageAgent invokes Settings::setScriptEnabled()
for the associated page to switch the script execution therein.
Reviewed by Yury Semikhatsky.
Test: inspector/debugger/disable-script.html
* inspector/Inspector.json:
* inspector/InspectorPageAgent.cpp:
(PageAgentState):
(WebCore::InspectorPageAgent::enable):
(WebCore::InspectorPageAgent::disable):
(WebCore::InspectorPageAgent::getScriptExecutionStatus):
(WebCore):
(WebCore::InspectorPageAgent::setScriptExecutionDisabled):
* inspector/InspectorPageAgent.h:
* inspector/front-end/Settings.js:
* inspector/front-end/SettingsScreen.js:
(WebInspector.SettingsScreen):
(WebInspector.SettingsScreen.prototype.get _updateScriptDisabledCheckbox):
(WebInspector.SettingsScreen.prototype._javaScriptDisabledChanged):
* inspector/front-end/inspector.js:
2012-04-26 Ryosuke Niwa <rniwa@webkit.org>
REGRESSION (r94497): Pressing Command+A when inline (Marked Text) is not empty will clean whole content
https://bugs.webkit.org/show_bug.cgi?id=84501
Reviewed by Alexey Proskuryakov.
The bug was caused by setComposition, which is called by cancelComposition, deleting the contents when
the passed text is empty. Fixed it by not deleting text when canceling compositions. This is okay because
as the comment above the line suggests, this particular call to TypingCommand::deleteSelection is only useful
when the confirmed text is empty and the composition text had previously been non-empty.
Test: editing/input/select-all-clear-input-method.html
* editing/Editor.cpp:
(WebCore::Editor::setComposition):
2012-04-26 Keishi Hattori <keishi@webkit.org>
datalist: Form control in a <datalist> should be barred from constraint validation
https://bugs.webkit.org/show_bug.cgi?id=84359http://www.whatwg.org/specs/web-apps/current-work/multipage/the-button-element.html#the-datalist-element
According to this, if an element has a datalist element ancestor, it is barred from constraint validation.
Reviewed by Kent Tamura.
Test: fast/forms/datalist/datalist-child-validation.html
* html/HTMLFormControlElement.cpp:
(WebCore::HTMLFormControlElement::HTMLFormControlElement):
(WebCore::HTMLFormControlElement::updateAncestors): Updates the ancestor information.
(WebCore::HTMLFormControlElement::insertedInto): Invalidates the ancestor information and calls setNeedsWillValidateCheck
(WebCore::HTMLFormControlElement::removedFrom): Invalidates the ancestor information and calls setNeedsWillValidateCheck
(WebCore::HTMLFormControlElement::disabled):
(WebCore::HTMLFormControlElement::recalcWillValidate): Returns false if element has a datalist ancestor.
(WebCore::HTMLFormControlElement::setNeedsWillValidateCheck): Check if ancestor information is valid too.
* html/HTMLFormControlElement.h:
(HTMLFormControlElement):
2012-04-26 Adrienne Walker <enne@google.com>
[chromium] Remove unused CCLayerImpl::debugID()
https://bugs.webkit.org/show_bug.cgi?id=85019
Reviewed by James Robinson.
CCLayerSorter used debugID() but it was never set anywhere. Change
the CCLayerSorter LOG messages to use id(), which does get set.
* platform/graphics/chromium/cc/CCLayerImpl.h:
(CCLayerImpl):
* platform/graphics/chromium/cc/CCLayerSorter.cpp:
(WebCore::CCLayerSorter::createGraphNodes):
(WebCore::CCLayerSorter::createGraphEdges):
(WebCore::CCLayerSorter::sort):
2012-04-26 Nico Weber <thakis@chromium.org>
[chromium] Fix C++ language use.
https://bugs.webkit.org/show_bug.cgi?id=85015
Reviewed by James Robinson.
Even though MSVC allows it, a sizeof followed by a non-parenthesized
typename is not valid C++.
No functionality change.
* rendering/RenderThemeChromiumWin.cpp:
(WebCore):
(WebCore::getNonClientMetrics):
2012-04-24 James Robinson <jamesr@chromium.org>
[chromium] Move ProgramBinding definitions to LayerRendererChromium and normalize naming
https://bugs.webkit.org/show_bug.cgi?id=84808
Reviewed by Adrienne Walker.
The GL programs used are logically part of LayerRendererChromium and not something specific to a layer type,
since a different renderer would want to use a different thing to render the same layer types. This moves all of
the ProgramBinding definitions into LayerRendererChromium and gives them consistent names. With the exception of
CCRenderSurface (noted by an inline comment), these programs are private to LRC.
This patch also deduplicates programs a bit:
1.) Video's NativeTexture and RGBA programs were the same thing, folded.
2.) The TexStretch and TexTransform shaders are basically the same thing, folded together.
* platform/graphics/chromium/LayerChromium.h:
(LayerChromium):
* platform/graphics/chromium/LayerRendererChromium.cpp:
(WebCore::LayerRendererChromium::drawCheckerboardQuad):
(WebCore::LayerRendererChromium::drawDebugBorderQuad):
(WebCore::LayerRendererChromium::drawSolidColorQuad):
(WebCore::LayerRendererChromium::drawTileQuad):
(WebCore::LayerRendererChromium::drawYUV):
(WebCore::LayerRendererChromium::drawRGBA):
(WebCore::LayerRendererChromium::drawNativeTexture2D):
(WebCore::LayerRendererChromium::drawStreamTexture):
(WebCore::LayerRendererChromium::drawTextureQuad):
(WebCore::LayerRendererChromium::drawHeadsUpDisplay):
(WebCore::LayerRendererChromium::initializeSharedObjects):
(WebCore::LayerRendererChromium::tileCheckerboardProgram):
(WebCore::LayerRendererChromium::solidColorProgram):
(WebCore::LayerRendererChromium::headsUpDisplayProgram):
(WebCore::LayerRendererChromium::renderSurfaceProgram):
(WebCore::LayerRendererChromium::renderSurfaceProgramAA):
(WebCore::LayerRendererChromium::renderSurfaceMaskProgram):
(WebCore::LayerRendererChromium::renderSurfaceMaskProgramAA):
(WebCore::LayerRendererChromium::tileProgram):
(WebCore::LayerRendererChromium::tileProgramOpaque):
(WebCore::LayerRendererChromium::tileProgramAA):
(WebCore::LayerRendererChromium::tileProgramSwizzle):
(WebCore::LayerRendererChromium::tileProgramSwizzleOpaque):
(WebCore::LayerRendererChromium::tileProgramSwizzleAA):
(WebCore::LayerRendererChromium::textureProgramFlip):
(WebCore::LayerRendererChromium::textureTexRectProgram):
(WebCore::LayerRendererChromium::textureTexRectProgramFlip):
(WebCore::LayerRendererChromium::videoRGBAProgram):
(WebCore::LayerRendererChromium::videoYUVProgram):
(WebCore::LayerRendererChromium::videoStreamTextureProgram):
(WebCore::LayerRendererChromium::cleanupSharedObjects):
* platform/graphics/chromium/LayerRendererChromium.h:
(WebCore):
(LayerRendererChromium):
* platform/graphics/chromium/ShaderChromium.cpp:
* platform/graphics/chromium/ShaderChromium.h:
* platform/graphics/chromium/cc/CCHeadsUpDisplay.h:
(CCHeadsUpDisplay):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
(WebCore):
* platform/graphics/chromium/cc/CCRenderSurface.cpp:
(WebCore::CCRenderSurface::copyTextureToFramebuffer):
(WebCore::CCRenderSurface::drawLayer):
* platform/graphics/chromium/cc/CCRenderSurface.h:
(CCRenderSurface):
* platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
* platform/graphics/chromium/cc/CCTextureLayerImpl.h:
(CCTextureLayerImpl):
* platform/graphics/chromium/cc/CCThreadProxy.cpp:
* platform/graphics/chromium/cc/CCTiledLayerImpl.h:
(CCTiledLayerImpl):
* platform/graphics/chromium/cc/CCVideoLayerImpl.h:
(WebCore):
(CCVideoLayerImpl):
2012-04-26 Jeffrey Pfau <jpfau@apple.com>
Invalid cast in WebCore::HTMLCollection::isAcceptableElement
https://bugs.webkit.org/show_bug.cgi?id=84626
Reviewed by Darin Adler.
Check if the object is an HTMLElement before casting.
Test: fast/dom/htmlcollection-non-html.html
* html/HTMLCollection.cpp:
(WebCore::HTMLCollection::isAcceptableElement):
2012-04-26 Dana Jansens <danakj@chromium.org>
[chromium] Some background filters require inflating damage on the surface behind them
https://bugs.webkit.org/show_bug.cgi?id=84479
Reviewed by Adrienne Walker.
A layer with a background blur will expand the damage from pixels in the
surface below it. We extend the damage tracker to expand damage in a
surface below such layers.
Unit test: CCDamageTrackerTest.verifyDamageForBackgroundBlurredChild
* platform/graphics/chromium/cc/CCDamageTracker.cpp:
(WebCore::expandPixelOutsetsWithFilters):
(WebCore):
(WebCore::expandDamageRectInsideRectWithFilters):
(WebCore::expandDamageRectWithFilters):
(WebCore::CCDamageTracker::updateDamageTrackingState):
(WebCore::CCDamageTracker::trackDamageFromActiveLayers):
* platform/graphics/chromium/cc/CCDamageTracker.h:
(CCDamageTracker):
2012-04-26 Simon Fraser <simon.fraser@apple.com>
Improve compositing logging output
https://bugs.webkit.org/show_bug.cgi?id=85010
Reviewed by Dean Jackson.
In the compositing log channel output, indent the layers
based on z-order tree depth. Tabulate the summary, and
show obligate and secondary backing store area separately.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::updateClipRects):
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::RenderLayerCompositor):
(WebCore::RenderLayerCompositor::updateCompositingLayers):
(WebCore::RenderLayerCompositor::logLayerInfo):
(WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
(WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
(WebCore::RenderLayerCompositor::reasonForCompositing):
* rendering/RenderLayerCompositor.h:
(RenderLayerCompositor):
2012-04-26 Anders Carlsson <andersca@apple.com>
REGRESSION (r115163): Unable to scroll article body with trackpad on altdevblogaday.com blog post
https://bugs.webkit.org/show_bug.cgi?id=85024
<rdar://problem/11330758>
Reviewed by Sam Weinig.
Fix broken logic in canHaveScrollbars.
* page/scrolling/ScrollingTreeNode.h:
(WebCore::ScrollingTreeNode::canHaveScrollbars):
2012-04-24 James Robinson <jamesr@chromium.org>
[chromium] Use different CCDrawQuad types for textures vs IOSurfaces
https://bugs.webkit.org/show_bug.cgi?id=84811
Reviewed by Adrienne Walker.
IOSurface and texture backed layers share few properties (only the flipped bool), so it doesn't make a lot of
sense for them to use the same CCDrawQuad type for both. This splits IOSurfaces out to a dedicated quad type to
make it easier to understand which bits of state apply to each.
The logical next step after this is to split the layer type as well, but that will be awkward until bug 84808 is
resolved.
* WebCore.gypi:
* platform/graphics/chromium/LayerRendererChromium.cpp:
(WebCore::LayerRendererChromium::drawQuad):
(WebCore::LayerRendererChromium::drawTextureQuad):
(WebCore):
(WebCore::LayerRendererChromium::drawIOSurfaceQuad):
* platform/graphics/chromium/LayerRendererChromium.h:
(LayerRendererChromium):
* platform/graphics/chromium/cc/CCDrawQuad.cpp:
(WebCore::CCDrawQuad::toIOSurfaceDrawQuad):
(WebCore):
* platform/graphics/chromium/cc/CCDrawQuad.h:
(WebCore):
(CCDrawQuad):
* platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.cpp: Copied from Source/WebCore/platform/graphics/chromium/cc/CCTextureDrawQuad.cpp.
(WebCore):
(WebCore::CCIOSurfaceDrawQuad::create):
(WebCore::CCIOSurfaceDrawQuad::CCIOSurfaceDrawQuad):
* platform/graphics/chromium/cc/CCIOSurfaceDrawQuad.h: Copied from Source/WebCore/platform/graphics/chromium/cc/CCTextureDrawQuad.h.
(WebCore):
(CCIOSurfaceDrawQuad):
(WebCore::CCIOSurfaceDrawQuad::flipped):
(WebCore::CCIOSurfaceDrawQuad::ioSurfaceSize):
(WebCore::CCIOSurfaceDrawQuad::ioSurfaceTextureId):
* platform/graphics/chromium/cc/CCTextureDrawQuad.cpp:
(WebCore::CCTextureDrawQuad::create):
(WebCore::CCTextureDrawQuad::CCTextureDrawQuad):
* platform/graphics/chromium/cc/CCTextureDrawQuad.h:
(CCTextureDrawQuad):
* platform/graphics/chromium/cc/CCTextureLayerImpl.cpp:
(WebCore::CCTextureLayerImpl::appendQuads):
2012-04-26 Benjamin Poulain <bpoulain@apple.com>
Use WebKit types for the cache of ObjcClass::methodsNamed()
https://bugs.webkit.org/show_bug.cgi?id=85012
Reviewed by Geoffrey Garen.
This patch redefines the method cache ObjcClass to avoid memory allocations in the case of positive match.
Instead of using the converted name as the key, the original identifier string is used. This shortcuts
all the other operations when there is a match.
A side effect is a method can appear multiple times in the cache if it is invoked with different names using
the escape character "$". An attaquer could bloat the cache with a few hundreds strings.
In the common case, having each name mapped is an improvment.
* bridge/objc/objc_class.h:
(ObjcClass):
* bridge/objc/objc_class.mm:
(JSC::Bindings::ObjcClass::ObjcClass):
(JSC::Bindings::ObjcClass::methodsNamed):
2012-04-26 Ojan Vafai <ojan@chromium.org>
Delete dead code in Arena.h/cpp
https://bugs.webkit.org/show_bug.cgi?id=84997
Reviewed by Eric Seidel.
Also cleaned up some style issues. Renamed some single-letter variable names.
Avoided anything other than totally trivial style changes to be 100% sure
that there is no change in behavior.
No new tests. There's no non-style code changes except inlining CLEAR_UNUSED
and CLEAR_ARENA.
* platform/Arena.cpp:
(WebCore):
(WebCore::CeilingLog2):
(WebCore::InitArenaPool):
(WebCore::ArenaAllocate):
(WebCore::FreeArenaList):
(WebCore::FinishArenaPool):
* platform/Arena.h:
(WebCore):
2012-04-26 Shawn Singh <shawnsingh@chromium.org>
Re-implement backFaceVisibility to avoid dealing with perspective w < 0 problem
https://bugs.webkit.org/show_bug.cgi?id=84059
Reviewed by Adrienne Walker.
Unit tests added to CCMathUtilTest.cpp.
This patch changes the implementation of backFaceIsVisible so that
it doesn't need to deal with the w < 0 problem from of perspective
projections. Instead, it is equally correct to simply use the
inverse-transpose of the matrix, and quickly check the third row,
third column element. Additionally, it was appropriate to move
this function into TransformationMatrix itself.
Making this change fixes some issues related to disappearing
layers in Chromium (where the compositor incorrectly thought that
the back face was visible, and skipped the layer).
* platform/graphics/chromium/cc/CCLayerTreeHostCommon.cpp:
(WebCore::calculateVisibleLayerRect):
(WebCore::layerShouldBeSkipped):
* platform/graphics/transforms/TransformationMatrix.cpp:
(WebCore::TransformationMatrix::isBackFaceVisible):
(WebCore):
* platform/graphics/transforms/TransformationMatrix.h:
(TransformationMatrix):
2012-04-26 Martin Robinson <mrobinson@igalia.com>
[Cairo] Wrap cairo surfaces in a class when storing native images
https://bugs.webkit.org/show_bug.cgi?id=83611
Reviewed by Alejandro G. Castro.
No new tests. This is just a refactoring. This shouldn't change
functionality.
Added class that wraps Cairo images surfaces to serve as the "native image"
type for the Cairo platform. This will allow the addition of caching resampled
images as well as versions of the image for non-image Cairo backends. Also
split out BitmapImageCairo.cpp from ImageCairo.cpp since these classes are
defined in two headers.
* GNUmakefile.list.am: Added new files.
* platform/graphics/BitmapImage.h: Added a factory method that takes an image surface to
reduce code churn.
* platform/graphics/ImageSource.h: NativeImagePtr is now NativeImageCairo*.
(WebCore):
* platform/graphics/cairo/BitmapImageCairo.cpp: Copied from Source/WebCore/platform/graphics/cairo/ImageCairo.cpp.
* platform/graphics/cairo/GraphicsContext3DCairo.cpp: Updated to reflect use of NativeImageCairo.
* platform/graphics/cairo/ImageCairo.cpp: Ditto.
* platform/graphics/cairo/NativeImageCairo.cpp: Added.
* platform/graphics/cairo/NativeImageCairo.h: Added.
* platform/graphics/cairo/PatternCairo.cpp: Updated to reflect use of NativeImageCairo.
* platform/graphics/gtk/ImageGtk.cpp: Ditto.
* platform/image-decoders/cairo/ImageDecoderCairo.cpp: Ditto.
2012-04-26 Mark Hahnenberg <mhahnenberg@apple.com>
[GTK] Massive media tests failures since r115288
https://bugs.webkit.org/show_bug.cgi?id=84950
Reviewed by Filip Pizlo.
No new tests.
Since the "cross-platform" WebCore timer is at too high of a level in terms of the layers
of WebKit for JSC to use, we are not currently able to use it in JSC, thus only those
platforms that support CoreFoundation can currently take advantage of the new and improved
GC activity timer. We've restored the old code paths for those platforms that don't have
CF so that they will at least have the same behavior as before when calling garbageCollectSoon.
* bindings/js/GCController.cpp: Added back the old WebCore timer along with some
if-defs that do away with the WebCore timer on platforms that support CoreFoundation.
(WebCore::GCController::GCController):
(WebCore::GCController::garbageCollectSoon):
(WebCore):
(WebCore::GCController::gcTimerFired):
* bindings/js/GCController.h: Ditto.
(GCController):
2012-04-26 Adam Klein <adamk@chromium.org>
Don't include V8Proxy.h in ScriptValue.h when V8GCController is all that's required
https://bugs.webkit.org/show_bug.cgi?id=84986
Reviewed by Kentaro Hara.
This makes it easier to include ScriptValue.h since it greatly reduces
that header's dependencies.
* bindings/v8/ScriptValue.h: Changed to include just V8GCController.h and
removed comment which is redundant with explicit V8GCController references nearby.
2012-04-26 Aaron Colwell <acolwell@chromium.org>
Fix missing sourceState change on MEDIA_ERR_SOURCE_NOT_SUPPORTED error.
https://bugs.webkit.org/show_bug.cgi?id=84996
Reviewed by Eric Carlson.
No new tests. http/tests/media/media-source/webm/video-media-source-errors.html was updated to verify that webkitSourceState is always SOURCE_CLOSED when the onerror event fires.
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::noneSupported):
2012-04-26 Antti Koivisto <antti@apple.com>
Cache parsed stylesheets
https://bugs.webkit.org/show_bug.cgi?id=85004
Reviewed by Andreas Kling.
CSS parsing is 1-2% of WebKit CPU usage on average pages, more on sites with large stylesheets.
We currently reparse all stylesheets from source text when they are encountered again. In many
browsing scenarios we can eliminate lot of this by caching the parsed stylesheets. For example
it is very common for subpages of a site to share the stylesheets.
This patch enables memory caching for stylesheet loaded using the <link> element. Only stylesheets
that have no import rules are cacheable for now.
Cached stylesheets are copied on restore so there is no sharing (and no memory wins) yet.
In the future we will also be able to share the actual data structures between pages for
significant memory savings.
After browsing around for a while <5% of the memory cache data was in parsed stylesheets so this
does not bloat the cache significantly.
* css/CSSStyleSheet.cpp:
(WebCore):
(WebCore::StyleSheetInternal::estimatedSizeInBytes):
Estimate stylesheet size so we can handle decoded data pruning correctly.
* css/CSSStyleSheet.h:
(StyleSheetInternal):
* css/StylePropertySet.cpp:
(WebCore::StylePropertySet::averageSizeInBytes):
(WebCore):
* css/StylePropertySet.h:
(StylePropertySet):
* css/StyleRule.cpp:
(WebCore::StyleRule::averageSizeInBytes):
(WebCore):
* css/StyleRule.h:
(StyleRule):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::setCSSStyleSheet):
Save and restore parsed stylesheet. The current CSS parse context must be identical to the cached
stylesheets. This ensures that the parsing results would be identical.
* loader/cache/CachedCSSStyleSheet.cpp:
(WebCore):
(WebCore::CachedCSSStyleSheet::destroyDecodedData):
(WebCore::CachedCSSStyleSheet::restoreParsedStyleSheet):
(WebCore::CachedCSSStyleSheet::saveParsedStyleSheet):
* loader/cache/CachedCSSStyleSheet.h:
The parsed stylesheet cache is considered decoded data, similar to the image bitmaps. It uses the
same mechanism for pruning.
(WebCore):
(CachedCSSStyleSheet):
2012-04-26 Anders Carlsson <andersca@apple.com>
A TileCache should never outlive its WebTileCacheLayer
https://bugs.webkit.org/show_bug.cgi?id=85008
<rdar://problem/11141172>
Reviewed by Andreas Kling.
Since WebTileCacheLayer objects can be destroyed on the scrolling thread, make sure to delete the TileCache layer
when the PlatformCALayer is destroyed. This fixes a crash when the tile revalidation timer fires after the WebTileCacheLayer has
been destroyed, but before the TileCache itself has been destroyed.
* platform/graphics/ca/mac/PlatformCALayerMac.mm:
(PlatformCALayer::~PlatformCALayer):
* platform/graphics/ca/mac/WebTileCacheLayer.h:
* platform/graphics/ca/mac/WebTileCacheLayer.mm:
(-[WebTileCacheLayer dealloc]):
(-[WebTileCacheLayer invalidate]):
2012-04-26 Benjamin Poulain <bpoulain@apple.com>
Use String instead of RefPtr<StringImpl> for the cache of ObjcClass
https://bugs.webkit.org/show_bug.cgi?id=84932
Reviewed by Andreas Kling.
The cache with RefPtr<StringImpl*> was added with r115007.
This patch aims at making the code a little easier to read. By using String,
one would not need to know the Traits for StringImpl.
* bridge/objc/objc_class.h:
(ObjcClass):
2012-04-26 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to wrap() in SerializedScriptValue.cpp
https://bugs.webkit.org/show_bug.cgi?id=84923
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
In this bug we pass Isolate to wrap() in SerializedScriptValue.cpp.
No tests. No change in behavior.
* bindings/v8/SerializedScriptValue.cpp:
2012-04-26 Hao Zheng <zhenghao@chromium.org>
[chromium] Complex text support for Android.
https://bugs.webkit.org/show_bug.cgi?id=84431
Complex text support is different on Android from other platforms.
There are 2 kinds of font on Android: system fonts and fallback fonts.
System fonts have a name, and are accessible in FontPlatformData.
Fallback fonts do not have specific names, so they are not accessible
from WebKit directly. There is one font for each script support.
To feed Harfbuzz, use a trick to get correct SkTypeface based on script.
Reviewed by Tony Chang.
No new tests. Current tests are runnable on Android.
* platform/graphics/FontCache.h:
(FontCache): Make ComplexTextController friend of FontCache on Android.
* platform/graphics/chromium/FontCacheAndroid.cpp:
(WebCore::FontCache::createFontPlatformData):
* platform/graphics/harfbuzz/ComplexTextControllerHarfBuzz.cpp:
(WebCore::ComplexTextController::getComplexFontPlatformData):
(WebCore):
(WebCore::ComplexTextController::setupFontForScriptRun):
* platform/graphics/harfbuzz/ComplexTextControllerHarfBuzz.h:
(ComplexTextController):
2012-04-26 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to wrap() (Part2)
https://bugs.webkit.org/show_bug.cgi?id=84922
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
This patch passes Isolate to wrap() in custom bindings.
No tests. No change in behavior.
* bindings/v8/custom/V8LocationCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8NamedNodeMapCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8SVGPathSegCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8StyleSheetCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Uint16ArrayCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Uint32ArrayCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Uint8ArrayCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Uint8ClampedArrayCustom.cpp:
(WebCore::toV8):
2012-04-26 Jon Lee <jonlee@apple.com>
[WK2] AlternativeTextClient leaks when the page is destroyed
https://bugs.webkit.org/show_bug.cgi?id=84307
<rdar://problem/11328431>
Reviewed by Enrica Casucci.
* page/AlternativeTextClient.h: Add pageDestroyed() call, as in EditorClient.
(AlternativeTextClient):
* page/Page.cpp:
(WebCore::Page::~Page): When the page is destroyed, notify the client if it exists.
2012-04-26 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to wrap() (Part1)
https://bugs.webkit.org/show_bug.cgi?id=84921
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
This patch passes Isolate to wrap() in custom bindings.
No tests. No change in behavior.
* bindings/v8/custom/V8BlobCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8CSSRuleCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8CSSStyleSheetCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8CSSValueCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8DOMStringMapCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8DOMTokenListCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8DataViewCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8EventCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Float32ArrayCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Float64ArrayCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8HTMLCollectionCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8ImageDataCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Int16ArrayCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Int32ArrayCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8Int8ArrayCustom.cpp:
(WebCore::toV8):
2012-04-26 Benjamin Poulain <bpoulain@apple.com>
ObjcClass::methodsNamed() can leak if buffer is dynamically allocated
https://bugs.webkit.org/show_bug.cgi?id=84668
Reviewed by Alexey Proskuryakov.
Change ObjcClass::methodsNamed() to be based on a vector instead of managing
the memory manually.
Tests: platform/mac/plugins/bindings-objc-long-method-name.html
platform/mac/plugins/bindings-objc-method-name-conversion.html
* bridge/objc/objc_class.mm:
(Bindings):
(JSC::Bindings::convertJSMethodNameToObjc):
(JSC::Bindings::ObjcClass::methodsNamed):
2012-04-26 Justin Novosad <junov@chromium.org>
[Chromium] Single buffered canvas layers with the threaded compositor
https://bugs.webkit.org/show_bug.cgi?id=80540
Reviewed by James Robinson.
Tests:
CCLayerTreeHostTestWriteLayersRedraw
CCLayerTreeHostTestWriteLayersAfterVisible
Canvas2DLayerChromiumTest.testFullLifecycleSingleThreadDeferred
Canvas2DLayerChromiumTest.testFullLifecycleThreadDeferred
CCSchedulerTest.VisibilitySwitchWithTextureAcquisition
CCSchedulerTest.TextureAcquisitionCollision
Disable double buffering and rate limiting on accelerated canvas
when the threaded compositor and deferred canvas are enabled.
Concurrent access to the layer texture by the main renderer thread and
the compositor thread is avoided by enforcing a lock. The state of the
lock is maintained by CCSchedulerStateMachine. Write access by the main
thread is acquired through a signal round trip to the compositor thread,
which may block the main thread in the event that one or more committed
layers need to be protected until the compositor completes the requested
draw. Draws on the impl thread are cancelled if the main thread has
obtained write access to the texture. The write access is relinquished
by the main thread upon commit completion. The scheduler state machine
is responsible for preventing the texture lock from causing deadlocks by
detecting and resolving problematic states.
* platform/graphics/chromium/Canvas2DLayerChromium.cpp:
(WebCore::Canvas2DLayerChromium::create):
(WebCore::Canvas2DLayerChromium::Canvas2DLayerChromium):
(WebCore::Canvas2DLayerChromium::~Canvas2DLayerChromium):
(WebCore::Canvas2DLayerChromium::drawingIntoImplThreadTexture):
(WebCore):
(WebCore::Canvas2DLayerChromium::setTextureId):
(WebCore::Canvas2DLayerChromium::setNeedsDisplayRect):
(WebCore::Canvas2DLayerChromium::update):
(WebCore::Canvas2DLayerChromium::layerWillDraw):
(WebCore::Canvas2DLayerChromium::pushPropertiesTo):
* platform/graphics/chromium/Canvas2DLayerChromium.h:
* platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
(WebCore::CCLayerTreeHost::acquireLayerTextures):
(WebCore):
* platform/graphics/chromium/cc/CCLayerTreeHost.h:
(CCLayerTreeHost):
* platform/graphics/chromium/cc/CCProxy.h:
(CCProxy):
* platform/graphics/chromium/cc/CCScheduler.cpp:
(WebCore::CCScheduler::setMainThreadNeedsLayerTextures):
(WebCore):
(WebCore::CCScheduler::processScheduledActions):
* platform/graphics/chromium/cc/CCScheduler.h:
(CCSchedulerClient):
(CCScheduler):
* platform/graphics/chromium/cc/CCSchedulerStateMachine.cpp:
(WebCore::CCSchedulerStateMachine::CCSchedulerStateMachine):
(WebCore::CCSchedulerStateMachine::drawSuspendedUntilCommit):
(WebCore):
(WebCore::CCSchedulerStateMachine::scheduledToDraw):
(WebCore::CCSchedulerStateMachine::shouldDraw):
(WebCore::CCSchedulerStateMachine::shouldAcquireLayerTexturesForMainThread):
(WebCore::CCSchedulerStateMachine::nextAction):
(WebCore::CCSchedulerStateMachine::updateState):
(WebCore::CCSchedulerStateMachine::setMainThreadNeedsLayerTextures):
* platform/graphics/chromium/cc/CCSchedulerStateMachine.h:
(CCSchedulerStateMachine):
* platform/graphics/chromium/cc/CCSingleThreadProxy.h:
* platform/graphics/chromium/cc/CCThreadProxy.cpp:
(WebCore::CCThreadProxy::CCThreadProxy):
(WebCore::CCThreadProxy::beginFrame):
(WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal):
(WebCore):
(WebCore::CCThreadProxy::acquireLayerTextures):
(WebCore::CCThreadProxy::acquireLayerTexturesForMainThreadOnImplThread):
(WebCore::CCThreadProxy::scheduledActionAcquireLayerTexturesForMainThread):
* platform/graphics/chromium/cc/CCThreadProxy.h:
(CCThreadProxy):
* platform/graphics/skia/ImageBufferSkia.cpp:
(WebCore):
(WebCore::AcceleratedDeviceContext::AcceleratedDeviceContext):
(WebCore::AcceleratedDeviceContext::prepareForDraw):
(AcceleratedDeviceContext):
(WebCore::createAcceleratedCanvas):
(WebCore::ImageBuffer::context):
2012-04-26 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to toV8() in SerializedScriptValue.cpp
https://bugs.webkit.org/show_bug.cgi?id=84918
Reviewed by Nate Chapin.
This is the last step to pass Isolate around in
SerializedScriptValue.cpp. This patch passes Isolate
to toV8().
No tests. No change in behavior.
* bindings/v8/SerializedScriptValue.cpp:
2012-04-26 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to wrapSlow()
https://bugs.webkit.org/show_bug.cgi?id=84919
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
In this bug, we pass Isolate to wrapSlow().
Test: bindings/scripts/test/TestObj.idl etc
* bindings/scripts/CodeGeneratorV8.pm: Modified as described above.
(GenerateHeader):
(GenerateToV8Converters):
* bindings/scripts/test/V8/V8Float64Array.cpp: Updated run-bindings-tests.
(WebCore::V8Float64Array::wrapSlow):
* bindings/scripts/test/V8/V8Float64Array.h:
(V8Float64Array):
(WebCore::V8Float64Array::wrap):
* bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
(WebCore::V8TestActiveDOMObject::wrapSlow):
* bindings/scripts/test/V8/V8TestActiveDOMObject.h:
(V8TestActiveDOMObject):
(WebCore::V8TestActiveDOMObject::wrap):
* bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp:
(WebCore::V8TestCustomNamedGetter::wrapSlow):
* bindings/scripts/test/V8/V8TestCustomNamedGetter.h:
(V8TestCustomNamedGetter):
(WebCore::V8TestCustomNamedGetter::wrap):
* bindings/scripts/test/V8/V8TestEventConstructor.cpp:
(WebCore::V8TestEventConstructor::wrapSlow):
* bindings/scripts/test/V8/V8TestEventConstructor.h:
(V8TestEventConstructor):
(WebCore::V8TestEventConstructor::wrap):
* bindings/scripts/test/V8/V8TestEventTarget.cpp:
(WebCore::V8TestEventTarget::wrapSlow):
* bindings/scripts/test/V8/V8TestEventTarget.h:
(V8TestEventTarget):
(WebCore::V8TestEventTarget::wrap):
* bindings/scripts/test/V8/V8TestInterface.cpp:
(WebCore::V8TestInterface::wrapSlow):
* bindings/scripts/test/V8/V8TestInterface.h:
(V8TestInterface):
(WebCore::V8TestInterface::wrap):
* bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp:
(WebCore::V8TestMediaQueryListListener::wrapSlow):
* bindings/scripts/test/V8/V8TestMediaQueryListListener.h:
(V8TestMediaQueryListListener):
(WebCore::V8TestMediaQueryListListener::wrap):
* bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
(WebCore::V8TestNamedConstructor::wrapSlow):
* bindings/scripts/test/V8/V8TestNamedConstructor.h:
(V8TestNamedConstructor):
(WebCore::V8TestNamedConstructor::wrap):
* bindings/scripts/test/V8/V8TestNode.cpp:
(WebCore::V8TestNode::wrapSlow):
* bindings/scripts/test/V8/V8TestNode.h:
(V8TestNode):
(WebCore::V8TestNode::wrap):
* bindings/scripts/test/V8/V8TestObj.cpp:
(WebCore::V8TestObj::wrapSlow):
* bindings/scripts/test/V8/V8TestObj.h:
(V8TestObj):
(WebCore::V8TestObj::wrap):
* bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
(WebCore::V8TestSerializedScriptValueInterface::wrapSlow):
* bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.h:
(V8TestSerializedScriptValueInterface):
(WebCore::V8TestSerializedScriptValueInterface::wrap):
2012-04-25 Antonio Gomes <agomes@rim.com>
Add ScrollAnimatorBlackBerry as an extension to ScrollAnimatorNone
https://bugs.webkit.org/show_bug.cgi?id=84625
Reviewed by Anders Carlsson.
Patch adds ScrollAnimatorBlackBerry class as an extension to of
ScrollAnimatorNone. The main goal here is extending the later to allow
overscrolling while the animation runs.
Once the animation finishes, the flag gets reseted and
ScrollableArea::constrainsScrollingtoContentEdge is set back to the value
it had before, so this method has to be explicitly called anytime it is wanted.
* CMakeLists.txt:
* platform/ScrollAnimator.h:
(WebCore::ScrollAnimator::animationWillStart):
(WebCore::ScrollAnimator::animationDidFinish):
(ScrollAnimator):
* platform/ScrollAnimatorNone.cpp:
(WebCore):
(WebCore::ScrollAnimatorNone::scroll):
(WebCore::ScrollAnimatorNone::animationTimerFired):
* platform/blackberry/ScrollAnimatorBlackBerry.cpp: Added.
(WebCore):
(WebCore::ScrollAnimator::create):
(WebCore::ScrollAnimatorBlackBerry::ScrollAnimatorBlackBerry):
(WebCore::ScrollAnimatorBlackBerry::animationWillStart):
(WebCore::ScrollAnimatorBlackBerry::animationDidFinish):
(WebCore::ScrollAnimatorBlackBerry::setDisableConstrainsScrollingToContentEdgeWhileAnimating):
* platform/blackberry/ScrollAnimatorBlackBerry.h: Added.
(WebCore):
(ScrollAnimatorBlackBerry):
2012-04-26 Antonio Gomes <agomes@rim.com>
[BlackBerry] Add smooth_scrolling options to CMAKE and enable it for Blackberry
https://bugs.webkit.org/show_bug.cgi?id=84954
Reviewed by Daniel Bates.
Add the default scroll animator to the build system (ScrollAnimatorNone.cpp)
* CMakeLists.txt:
2012-04-25 Antonio Gomes <agomes@rim.com>
Make ScrollView::scrollSize scrollbar-independent
https://bugs.webkit.org/show_bug.cgi?id=84873
Reviewed by Anders Carlsson.
For ports that disable scrollbars creation at FrameView creation time
ScrollView::scrollSize should still return the scrollable ammount of
content (if any) if scrolling is not prohibted.
No new test, but it makes ScrollAnimator work for the BlackBerry port.
* platform/ScrollView.cpp:
(WebCore::ScrollView::scrollSize):
2012-04-25 Anders Carlsson <andersca@apple.com>
The tile cache should know if a frame view can ever have scrollbars
https://bugs.webkit.org/show_bug.cgi?id=84888
Reviewed by Andreas Kling.
If a frame view has overflow: hidden on its body element we know that the document will most
likely never be scrolled. The tile cache should know about this so we can optimize.
* page/FrameView.cpp:
(WebCore::FrameView::performPostLayoutTasks):
* platform/graphics/TiledBacking.h:
(TiledBacking):
* platform/graphics/ca/mac/TileCache.h:
(TileCache):
* platform/graphics/ca/mac/TileCache.mm:
(WebCore::TileCache::TileCache):
(WebCore::TileCache::setCanHaveScrollbars):
(WebCore):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::RenderLayerBacking):
2012-04-26 Ken Buchanan <kenrb@chromium.org>
Crash from removal of line break object after layout
https://bugs.webkit.org/show_bug.cgi?id=75461
Reviewed by David Hyatt.
There is a condition where objects can get removed from underneath
inlines while they represent a line break object in a RootInlineBox
of an ancestor block. If an intermediary inline has already been
marked as needing layout, then the line box will not get dirtied
because dirtyLineFromChangedChild thinks it already has been.
This patch introduces a new set in RenderObject to indicate whether
an ancestral line box corresponding to the current line has been
marked dirty or not. dirtyLinesFromChangedChild() can use this set
rather than m_selfNeedsLayout, so it will not be confused if a
container was dirtied for some other reason that did not affect the
line box.
* rendering/RenderLineBoxList.cpp:
(WebCore::RenderLineBoxList::dirtyLinesFromChangedChild): Use the new
set rather than m_selfNeedsLayout in the container to determine
whether to continue propagating upward.
* rendering/RenderObject.cpp:
(WebCore::RenderObject::s_ancestorLineboxDirtySet): Instantiate the
static member.
(WebCore::RenderObject::willBeDestroyed): Clears the object from the
linebox set when it is being destroyed.
* rendering/RenderObject.h:
(WebCore::RenderObject::s_ancestorLineboxDirtySet): Added static
member set.
(WebCore::RenderObject::setNeedsLayout): Clears the
object from the linebox set when layout bits are getting cleared.
(WebCore::RenderObject::ancestorLineBoxDirty): Added.
(WebCore::RenderObject::setAncestorLineBoxDirty): Added.
2012-04-26 Christophe Dumez <christophe.dumez@intel.com>
[EFL] Enable VIDEO_TRACK feature
https://bugs.webkit.org/show_bug.cgi?id=84830
Reviewed by Gustavo Noronha Silva.
Enable support for VIDEO_TRACK feature by default for EFL port.
* UseJSC.cmake:
* bindings/generic/RuntimeEnabledFeatures.cpp:
(WebCore):
2012-04-26 Antti Koivisto <antti@apple.com>
Implement StyleSheetInternal copying
https://bugs.webkit.org/show_bug.cgi?id=84969
Reviewed by Andreas Kling.
We need to be able to copy stylesheets to cache them. Copying is already implement for
most of the stylesheet data types but StyleSheetInternal::copy() is still missing.
Preparation for stylesheet caching. The copying code is not used yet.
* css/CSSNamespace.h:
Instead of making it copyable, remove CSSNamespace class.
* css/CSSParser.cpp:
(WebCore::operator==):
(WebCore):
(WebCore::CSSParser::addNamespace):
Avoid ping-ponging to StyleSheetInternal and back to set the default namespace.
* css/CSSParserMode.h:
(WebCore):
(WebCore::operator!=):
Add equality comparison operator to CSSParseMode. This will be needed to determine
if a cached copy can be used.
* css/CSSStyleSheet.cpp:
(WebCore::StyleSheetInternal::StyleSheetInternal):
(WebCore):
(WebCore::StyleSheetInternal::isCacheable):
(WebCore::StyleSheetInternal::parserAddNamespace):
(WebCore::StyleSheetInternal::determineNamespace):
Use HashMap instead of iterating a linked list of CSSNamespaces.
(WebCore::StyleSheetInternal::styleSheetChanged):
Add mutation bit.
* css/CSSStyleSheet.h:
(WebCore):
(StyleSheetInternal):
(WebCore::StyleSheetInternal::copy):
Copy constructor. It only usable for cacheable stylesheets.
2012-04-26 Philip Rogers <pdr@google.com>
Fix Skia's SkPathContainsPoint to work with sub-pixel accuracy
https://bugs.webkit.org/show_bug.cgi?id=84117
Reviewed by Eric Seidel.
Because we do hit testing in object-space (i.e., we may see a 0.1px*0.1px path) we
need to support sub-pixel hit testing in Skia. Skia does not provide analytical
path hit testing, so hit tests are done by rasterizing a path and checking if a
specific pixel is drawn. SkPathContainsPoint did not work with sub-pixel values
because this rasterization was sometimes very small which did not give enough
resolution to check if the hit test pixel was drawn.
This patch scales the path to a very large size during hit testing so that Skia's
raster-based hit testing will work properly. Because Skia avoids unnecessary
path rasterization, this is actually inexpensive.
Below is a summary of a performance test on simple and complex paths:
(before patch, after patch)
Skia/Chrome 10,000 hit tests on a simple path: (229ms, 238ms)
Skia/Chrome 10,000 hit tests on a complex path: (701ms, 704ms)
For comparison, CG/Safari takes 236ms on the simple path and 466ms on the complex path.
Therefore, this patch introduces small but measurable regression in hit testing
performance due to scaling the path.
Test: svg/hittest/svg-small-path.xhtml
* platform/graphics/skia/SkiaUtils.cpp:
(WebCore::SkPathContainsPoint):
2012-04-26 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r115323.
http://trac.webkit.org/changeset/115323https://bugs.webkit.org/show_bug.cgi?id=84975
Bad test, breaks all builds (Requested by apavlov1 on
#webkit).
* inspector/Inspector.json:
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::enable):
(WebCore::InspectorPageAgent::disable):
* inspector/InspectorPageAgent.h:
* inspector/front-end/Settings.js:
* inspector/front-end/SettingsScreen.js:
(WebInspector.SettingsScreen):
* inspector/front-end/inspector.js:
2012-04-26 Douglas Stockwell <dstockwell@chromium.org>
IndexedDB: cursor does not correctly iterate over keys added and removed during iteration
https://bugs.webkit.org/show_bug.cgi?id=84467
Reviewed by Ojan Vafai.
Ensure that the iterator over the tree of cached adds/removes always points at
the current key, or if the db iterator is current, the next key:
- When refreshing the tree iterator after a mutation, always seek unless the
tree iterator is current.
- When handing conflicts and delete markers, only advance the tree iterator as
far as the db iterator.
Remove the expensive (and now redundant) logic that issued a get() to check
whether an item had been deleted.
Test: storage/indexeddb/cursor-added-bug.html
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore):
* platform/leveldb/LevelDBTransaction.cpp:
(WebCore::LevelDBTransaction::TransactionIterator::refreshTreeIterator):
(WebCore::LevelDBTransaction::TransactionIterator::handleConflictsAndDeletes):
2012-04-26 Alexander Pavlov <apavlov@chromium.org>
Web Inspector: Implement the "Disable JavaScript" option in the settings dialog
https://bugs.webkit.org/show_bug.cgi?id=84946
Based on user actions in the Inspector frontend, InspectorPageAgent invokes Settings::setScriptEnabled()
for the associated page to switch the script execution therein.
Reviewed by Yury Semikhatsky.
Test: inspector/debugger/disable-script.html
* inspector/Inspector.json:
* inspector/InspectorPageAgent.cpp:
(PageAgentState):
(WebCore::InspectorPageAgent::enable):
(WebCore::InspectorPageAgent::disable):
(WebCore::InspectorPageAgent::getScriptExecutionStatus):
(WebCore):
(WebCore::InspectorPageAgent::setScriptExecutionDisabled):
* inspector/InspectorPageAgent.h:
* inspector/front-end/Settings.js:
* inspector/front-end/SettingsScreen.js:
(WebInspector.SettingsScreen):
(WebInspector.SettingsScreen.prototype.get _updateScriptDisabledCheckbox):
(WebInspector.SettingsScreen.prototype._javaScriptDisabledChanged):
* inspector/front-end/inspector.js:
2012-04-26 Dominik Röttsches <dominik.rottsches@linux.intel.com>
[cairo] CairoGraphicsContext fillRect (with Color) overrides composite operator
https://bugs.webkit.org/show_bug.cgi?id=84848
Reviewed by Martin Robinson.
FillRectWithColor used to be called fillRectSourceOver before r89314
where this operator still made sense. The way this function is used
these days doesn't expect the composite operator to be overridden anymore.
No new tests, covered by existing tests, e.g.
svg/filters/feDropShadow.svg
* platform/graphics/cairo/GraphicsContextCairo.cpp:
(WebCore::fillRectWithColor):
2012-04-26 Nikolas Zimmermann <nzimmermann@rim.com>
Fix additive by animations for most SMIL list types
https://bugs.webkit.org/show_bug.cgi?id=84968
Reviewed by Antti Koivisto.
Unify SMIL list animation code, to correctly respect the underlying from value for by-animations.
Add lots of new tests covering by-animations for all primitives (except AnimatedPath/TransformList).
AnimatedTransformList is not working correctly yet, and will be covered in a follow-up patch.
AnimatdPath by-animations are complex, and thus also handled in another follow-up patch.
Tests: svg/animations/additive-type-by-animation.html
svg/animations/length-list-animation-expected.svg
svg/animations/length-list-animation.svg
svg/animations/svglength-additive-by-1.html
svg/animations/svglength-additive-by-2.html
svg/animations/svglength-additive-by-3.html
svg/animations/svglength-additive-by-4.html
svg/animations/svglength-additive-by-5.html
svg/animations/svglength-additive-by-6.html
svg/animations/svglength-additive-from-by-1.html
svg/animations/svglength-additive-from-by-2.html
svg/animations/svglength-additive-from-by-3.html
svg/animations/svglength-additive-from-by-4.html
* svg/SVGAnimatedLengthList.cpp:
(WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPointList.cpp:
(WebCore::SVGAnimatedPointListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue):
* svg/SVGAnimationElement.h:
(WebCore::SVGAnimationElement::adjustFromToListValues):
2012-04-26 Antti Koivisto <antti@apple.com>
Add copy constructor to CSSSelector
https://bugs.webkit.org/show_bug.cgi?id=84956
Reviewed by Anders Carlsson.
To copy CSSSelectorLists correctly CSSSelector needs a copy constructor.
This will be needed to implement stylesheet caching. The code is not used yet.
* css/CSSSelector.cpp:
(WebCore::CSSSelector::createRareData):
* css/CSSSelector.h:
(CSSSelector):
(WebCore::CSSSelector::RareData::create):
(RareData):
Refcount RareData to make copying easier. This has no significant memory impact, rare data is rare.
(WebCore::CSSSelector::CSSSelector):
(WebCore):
(WebCore::CSSSelector::~CSSSelector):
* css/CSSSelectorList.cpp:
(WebCore::CSSSelectorList::CSSSelectorList):
Use copy constructor instead of memcpy (which doesn't work).
2012-04-26 Raphael Kubo da Costa <rakuco@webkit.org>
[EFL] Fix the build with DRAG_SUPPORT disabled.
https://bugs.webkit.org/show_bug.cgi?id=84963
Reviewed by Antonio Gomes.
No new tests, build system-related change.
EventHandlerEfl.cpp always assumed DRAG_SUPPORT was enabled and lacked
the proper #if ENABLED() checks for some member variables and methods
conditionally defined in EventHandler.h.
* page/efl/EventHandlerEfl.cpp:
(WebCore):
2012-04-26 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: remove stackTrace property from requestWillBeSent - it is already a part of the initiator.
https://bugs.webkit.org/show_bug.cgi?id=84964
Reviewed by Yury Semikhatsky.
* inspector/InspectorResourceAgent.cpp:
(WebCore::InspectorResourceAgent::willSendRequest):
* inspector/front-end/ConsoleMessage.js:
(WebInspector.ConsoleMessageImpl.prototype._formatMessage):
* inspector/front-end/NetworkManager.js:
(WebInspector.NetworkDispatcher.prototype.requestWillBeSent):
(WebInspector.NetworkDispatcher.prototype.requestServedFromMemoryCache):
(WebInspector.NetworkDispatcher.prototype._appendRedirect):
(WebInspector.NetworkDispatcher.prototype._createNetworkRequest):
(get WebInspector):
2012-04-26 Stephen Chenney <schenney@chromium.org>
SVG FEConvolveMatrix does not check for invalid property values
https://bugs.webkit.org/show_bug.cgi?id=84363
Reviewed by Dirk Schulze.
Adding code to check for valid input values on SVG feConvolveMatrix properties.
And adding some of the first effective error reporting for SVG elements.
Tests: svg/filters/feConvolveMatrix-invalid-targetX-expected.svg
svg/filters/feConvolveMatrix-invalid-targetX.svg
svg/filters/feConvolveMatrix-invalid-targetY-expected.svg
svg/filters/feConvolveMatrix-invalid-targetY.svg
svg/filters/feConvolveMatrix-negative-kernelUnitLengthX-expected.svg
svg/filters/feConvolveMatrix-negative-kernelUnitLengthX.svg
svg/filters/feConvolveMatrix-negative-kernelUnitLengthY-expected.svg
svg/filters/feConvolveMatrix-negative-kernelUnitLengthY.svg
svg/filters/feConvolveMatrix-negative-orderX-expected.svg
svg/filters/feConvolveMatrix-negative-orderX.svg
svg/filters/feConvolveMatrix-negative-orderY-expected.svg
svg/filters/feConvolveMatrix-negative-orderY.svg
svg/filters/feConvolveMatrix-non-integral-order-expected.svg
svg/filters/feConvolveMatrix-non-integral-order.svg
svg/filters/feConvolveMatrix-zero-divisor-expected.svg
svg/filters/feConvolveMatrix-zero-divisor.svg
* platform/graphics/filters/FEConvolveMatrix.cpp:
(WebCore::FEConvolveMatrix::FEConvolveMatrix):
(WebCore::FEConvolveMatrix::setKernelSize):
(WebCore::FEConvolveMatrix::setDivisor):
(WebCore::FEConvolveMatrix::setKernelUnitLength):
* svg/SVGFEConvolveMatrixElement.cpp:
(WebCore::SVGFEConvolveMatrixElement::parseAttribute):
(WebCore::SVGFEConvolveMatrixElement::build):
2012-04-26 Allan Sandfeld Jensen <allan.jensen@nokia.com>
Move WebKit1 specific conversion of touch-events to WebKit1.
https://bugs.webkit.org/show_bug.cgi?id=84951
Reviewed by Kenneth Rohde Christiansen.
No change in functionality. No new tests.
* Target.pri:
* platform/PlatformTouchEvent.h:
(PlatformTouchEvent):
* platform/PlatformTouchPoint.h:
(PlatformTouchPoint):
* platform/qt/PlatformTouchEventQt.cpp: Removed.
* platform/qt/PlatformTouchPointQt.cpp: Removed.
2012-04-26 Nikolas Zimmermann <nzimmermann@rim.com>
Share code used to animate numbers types between all animators
https://bugs.webkit.org/show_bug.cgi?id=84945
Reviewed by Antti Koivisto.
Refactor animateAdditiveNumber() from SVGAnimatedNumberAnimator into SVGAnimationElement,
to reuse it for all primitives. Converted most primitives to use the new code. Lists, paths,
colors are still todo.
Doesn't affect any tests.
* svg/SVGAnimatedAngle.cpp:
(WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue):
* svg/SVGAnimatedInteger.cpp:
(WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedInteger):
(WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedInteger.h:
(SVGAnimatedIntegerAnimator):
* svg/SVGAnimatedIntegerOptionalInteger.cpp:
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLength.cpp:
(WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLengthList.cpp:
(WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumber.cpp:
(WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumber.h:
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberOptionalNumber.cpp:
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberOptionalNumber.h:
* svg/SVGAnimatedRect.cpp:
(WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue):
* svg/SVGAnimationElement.h:
(WebCore::SVGAnimationElement::animateAdditiveNumber):
(SVGAnimationElement):
2012-04-26 Ryosuke Niwa <rniwa@webkit.org>
Forgotten build fix after r115227.
* css/StylePropertySet.cpp:
(WebCore::StylePropertySet::get4Values):
2012-04-26 Mihnea Ovidenie <mihnea@adobe.com>
Crash when collecting svg symbol element in named flow.
https://bugs.webkit.org/show_bug.cgi?id=84493
Reviewed by David Hyatt.
Test: fast/regions/symbol-in-named-flow-crash.svg
* dom/Element.cpp:
(WebCore::Element::~Element):
Add an assert that an element that was collected into a named flow was already removed at this point
(when the document is not in the process of destruction)
(WebCore::Element::unregisterNamedFlowContentNode):
Created a new function for unregistering a content node. In the future, this function may be used for
content nodes from shadow dom.
(WebCore::Element::detach):
* dom/Element.h:
(Element):
* dom/NodeRenderingContext.cpp:
(WebCore::NodeRenderingContext::moveToFlowThreadIfNeeded):
Prevent elements that are part of shadow dom to be collected into a named flow.
2012-04-26 Nikolas Zimmermann <nzimmermann@rim.com>
Share code used to animate discrete types between all animators
https://bugs.webkit.org/show_bug.cgi?id=84853
Reviewed by Andreas Kling.
Share by-animation handling for non-additive types in a central method in SVGAnimatedTypeAnimator,
to be reusable by SVGAnimatedBoolean/Enumeration/PreserveAspectRatio/String. Add a new test covering
these animations have no effect.
Test: svg/animations/non-additive-type-by-animation.html
* svg/SVGAnimateElement.cpp:
(WebCore::SVGAnimateElement::calculateFromAndByValues):
(WebCore::SVGAnimateElement::isAdditive):
* svg/SVGAnimateElement.h:
(SVGAnimateElement):
* svg/SVGAnimateMotionElement.cpp:
(WebCore::SVGAnimateMotionElement::calculateFromAndByValues):
* svg/SVGAnimatedBoolean.cpp:
(WebCore::isTrueString):
(WebCore::SVGAnimatedBooleanAnimator::constructFromString):
(WebCore::SVGAnimatedBooleanAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue):
* svg/SVGAnimatedEnumeration.cpp:
(WebCore::SVGAnimatedEnumerationAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPreserveAspectRatio.cpp:
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue):
* svg/SVGAnimatedString.cpp:
(WebCore::SVGAnimatedStringAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue):
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::startedActiveInterval):
* svg/SVGAnimationElement.h:
(SVGAnimationElement):
(WebCore::SVGAnimationElement::animateDiscreteType):
2012-04-26 Chris Fleizach2 <cfleizach@apple.com>
CrashTracer: [USER] 157 crashes in WebProcess at com.apple.WebCore: WebCore::AccessibilityRenderObject::isAttachment const + 29
https://bugs.webkit.org/show_bug.cgi?id=84463
Reviewed by Darin Adler.
Accessibility was not being enabled when WK2 was asking only for the focused UI element.
No layout test could be written because the WKTestRunner mechanism works differently when asking for this.
* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::focusedUIElementForPage):
(WebCore::AXObjectCache::rootObject):
(WebCore::AXObjectCache::rootObjectForFrame):
2012-04-25 Dana Jansens <danakj@chromium.org>
[chromium] Remove guarded virtual methods from WebFilterOperation API
https://bugs.webkit.org/show_bug.cgi?id=84926
Reviewed by James Robinson.
* WebCore.gypi:
* platform/chromium/support/WebFilterOperation.cpp: Removed.
* platform/chromium/support/WebFilterOperations.cpp:
(WebKit::WebFilterOperations::append):
2012-04-25 Benjamin Poulain <benjamin@webkit.org>
Add a version of StringImpl::find() without offset
https://bugs.webkit.org/show_bug.cgi?id=83968
Reviewed by Sam Weinig.
Remove the zero offset of the find() functions on strings.
* html/parser/XSSAuditor.cpp:
(WebCore::XSSAuditor::init):
* platform/network/ResourceResponseBase.cpp:
(WebCore::trimToNextSeparator):
(WebCore::parseCacheHeader):
2012-04-25 Mark Hahnenberg <mhahnenberg@apple.com>
WebCore shouldn't call collectAllGarbage directly
https://bugs.webkit.org/show_bug.cgi?id=84897
Reviewed by Geoffrey Garen.
No new tests.
Currently, GCController calls Heap::collectAllGarbage directly, which leads
to an overload of collections as the timer in GCController and the timer in
GCActivityCallback compete for collection time and fire independently. As a
result, we end up doing almost 600 full collections during an in-browser run
of SunSpider, or 20 full collections on a single load of TechCrunch.
We can do better by preventing WebCore from calling collectAllGarbage directly
and instead going through Heap::reportAbandonedObjectGraph, since that is what
WebCore is trying to do--notify the Heap that a lot of garbage may have just
been generated when we left a page.
* WebCore.exp.in:
* bindings/js/GCController.cpp: Removed all timer stuff.
(WebCore::GCController::GCController):
(WebCore::GCController::garbageCollectSoon): Changed to call Heap::reportAbandonedObjectGraph.
(WebCore::GCController::garbageCollectNow): Changed to still directly call collectAllGarbage.
We will deprecate this function soon hopefully.
* bindings/js/GCController.h: Removed timer stuff.
(GCController):
* bindings/js/ScriptProfiler.cpp:
(WebCore::ScriptProfiler::collectGarbage): Changed to call garbageCollectSoon.
2012-04-25 James Robinson <jamesr@chromium.org>
[chromium] REGRESSION(112286) Compositor initialization blocks for program compilation / linking
https://bugs.webkit.org/show_bug.cgi?id=84822
Reviewed by Adrienne Walker.
r112286 introduced a subtle regression in the chromium compositor startup sequence - by querying the texture
copy program's uniform location at the end of LayerRendererChromium::initialize(), the compositor's thread was
blocked until the service side compiled _all_ eagerly initialized shaders. The intent of the way the compositor
programs are created is that a set of commonly-used programs are sent to the service side, but no blocking calls
are made until after we go through the first paint (with the hope that the service side will complete the
compilation by then).
Fixed by moving program initialization (which also grabs uniform locations) until the first actual use of the
copier. It may be worth deferring the program initialization completely if it's not used very often.
Added unit test in LayerRendererChromiumTests to make sure LRC initialization does not make any
synchronous calls (like getUniformLocation()).
* platform/graphics/chromium/TextureCopier.cpp:
(WebCore::AcceleratedTextureCopier::AcceleratedTextureCopier):
(WebCore::AcceleratedTextureCopier::copyTexture):
2012-04-25 Jason Liu <jason.liu@torchmobile.com.cn>
[BlackBerry] Authenticated proxy isn't working.
https://bugs.webkit.org/show_bug.cgi?id=84579
Reviewed by Antonio Gomes.
We should try to get username and password from WiFi advanced configuration first
when 407 is received.
No new tests. This is covered by existing http tests when proxy's username and password
are configured for WiFi.
* platform/network/blackberry/NetworkJob.cpp:
(WebCore::NetworkJob::sendRequestWithCredentials):
2012-04-25 Alec Flett <alecflett@chromium.org>
IndexedDB: implement cursor.advance()
https://bugs.webkit.org/show_bug.cgi?id=84174
Reviewed by Ojan Vafai.
Implement IDBCursor.advance() to spec.
Test: storage/indexeddb/cursor-advance.html
* Modules/indexeddb/IDBBackingStore.h:
* Modules/indexeddb/IDBCursor.cpp:
(WebCore::IDBCursor::advance):
(WebCore):
* Modules/indexeddb/IDBCursor.h:
(IDBCursor):
* Modules/indexeddb/IDBCursor.idl:
* Modules/indexeddb/IDBCursorBackendImpl.cpp:
(WebCore::IDBCursorBackendImpl::advance):
(WebCore):
(WebCore::IDBCursorBackendImpl::advanceInternal):
* Modules/indexeddb/IDBCursorBackendImpl.h:
(IDBCursorBackendImpl):
* Modules/indexeddb/IDBCursorBackendInterface.h:
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore):
2012-04-24 Adrienne Walker <enne@google.com>
[chromium] Hold video provider lock from willDraw to didDraw
https://bugs.webkit.org/show_bug.cgi?id=84805
Reviewed by James Robinson.
* platform/graphics/chromium/cc/CCVideoLayerImpl.cpp:
(WebCore::CCVideoLayerImpl::willDraw):
(WebCore):
(WebCore::CCVideoLayerImpl::willDrawInternal):
(WebCore::CCVideoLayerImpl::appendQuads):
(WebCore::CCVideoLayerImpl::didDraw):
* platform/graphics/chromium/cc/CCVideoLayerImpl.h:
2012-04-25 Adrienne Walker <enne@google.com>
[chromium] Prevent CCLayerImpl::willDraw/didDraw mismatches
https://bugs.webkit.org/show_bug.cgi?id=84812
Reviewed by James Robinson.
Because some layers lock/unlock resources, it needs to be guaranteed
that if willDraw is called on a layer then didDraw will also be called
on that layer before another willDraw or before layer destruction. Add
asserts to make sure that this is the case.
willDraw is called via CCLayerTreeHostImpl::prepareToDraw ->
calculateRenderPasses. didDraw was previously called in
CCLayerTreeHostImpl::drawLayers. Sometimes drawLayers was being
skipped by the caller of these functions based on what prepareToDraw
returned (causing didDraw to not be called). Fix this by having an
explicit step to call didDraw on all layers. This new didDrawAllLayers
function must be called if and only if prepareToDraw is called.
Tested by existing tests via new asserts in CCLayerImpl.
* platform/graphics/chromium/cc/CCLayerImpl.cpp:
(WebCore::CCLayerImpl::CCLayerImpl):
(WebCore::CCLayerImpl::~CCLayerImpl):
(WebCore::CCLayerImpl::willDraw):
(WebCore):
(WebCore::CCLayerImpl::didDraw):
* platform/graphics/chromium/cc/CCLayerImpl.h:
(CCLayerImpl):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
(WebCore::CCLayerTreeHostImpl::drawLayers):
(WebCore::CCLayerTreeHostImpl::didDrawAllLayers):
(WebCore):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
(CCLayerTreeHostImpl):
* platform/graphics/chromium/cc/CCScrollbarLayerImpl.cpp:
(WebCore::CCScrollbarLayerImpl::willDraw):
(WebCore::CCScrollbarLayerImpl::didDraw):
* platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
(WebCore::CCSingleThreadProxy::doComposite):
* platform/graphics/chromium/cc/CCTextureLayerImpl.cpp:
(WebCore::CCTextureLayerImpl::willDraw):
* platform/graphics/chromium/cc/CCThreadProxy.cpp:
(WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal):
* platform/graphics/chromium/cc/CCVideoLayerImpl.cpp:
(WebCore::CCVideoLayerImpl::willDraw):
(WebCore::CCVideoLayerImpl::didDraw):
2012-04-24 Kent Tamura <tkent@chromium.org>
Calendar Picker: Resize to minimal size to fit the content
https://bugs.webkit.org/show_bug.cgi?id=84826
Reviewed by Hajime Morita.
Using fixed-size popup isn't nice. The calender picker popup size should
be minimal.
The minimal size depends on font settings, localized labels, and
localized formats. So we put visible objects on a transparent element,
calculate minimal size, resize the popup, then show the objects.
* Resources/calendarPicker.css:
(body): Don't use purple. It was for debugging purpose.
The body is visible for a short period becuse we use transparent element.
(#main):
- Add nowrap to avoid text wrapping.
- Add wider width to avoid wrapping.
- Add opacity to hide incomplete layout.
(.year-month-upper): Don't set flexible box yet.
(.month-selector-box): Fix incorrect display value.
(.days-area):
Don't set table-layout:fixed and width:100% in order that it has the
minimal width.
* Resources/calendarPicker.js:
(initialize): Make a new functio to resize.
(fixWindowSize):
Compute the required width from the right edge of the next year button,
the maximum cell width, and so on. Then, set CSS properties to have
correct layout.
(YearMonthController.prototype.attachTo):
Set min-width property for a long year-month string.
(YearMonthController.prototype._showPopup):
Center the _monthPopup vertically.
* html/shadow/CalendarPickerElement.cpp:
(WebCore::CalendarPickerElement::contentSize):
Specify small size for the initial size. It's better than showing a
large window then shrink the size.
* page/PagePopupClient.h:
(PagePopupClient): Remove a false comment. We should support resize*().
2012-04-25 Kent Tamura <tkent@chromium.org>
Unreviewed. Sort Xcode project file.
* WebCore.xcodeproj/project.pbxproj:
2012-04-25 Alpha Lam <hclam@chromium.org>
Unreviewed, rolling out r115260.
http://trac.webkit.org/changeset/115260https://bugs.webkit.org/show_bug.cgi?id=84467
r115260 is crashing a list of IndexDB tests, revert.
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore):
* platform/leveldb/LevelDBTransaction.cpp:
(WebCore::LevelDBTransaction::TransactionIterator::refreshTreeIterator):
(WebCore::LevelDBTransaction::TransactionIterator::handleConflictsAndDeletes):
* platform/leveldb/LevelDBTransaction.h:
(TransactionIterator):
2012-04-25 James Simonsen <simonjam@chromium.org>
[Web Timing] Add a vendor-prefixed Performance Timeline API
https://bugs.webkit.org/show_bug.cgi?id=80350
As described here: http://dvcs.w3.org/hg/webperf/raw-file/tip/specs/PerformanceTimeline/Overview.html
The API is there and should be correct, but it isn't particularly useful,
because nothing is populated. Upcoming changes will add Navigation Timing
and Resource Timing.
Reviewed by Tony Gentilcore.
No new tests. Functionality is disabled on all platforms.
* CMakeLists.txt: Added PerformanceEntry* files.
* DerivedSources.pri: Ditto.
* GNUmakefile.list.am: Ditto.
* WebCore.gypi: Ditto.
* WebCore.vcproj/WebCore.vcproj: Ditto.
* WebCore.xcodeproj/project.pbxproj: Ditto.
* page/Performance.cpp:
(WebCore::Performance::webkitGetEntries): Added.
(WebCore::Performance::webkitGetEntriesByType): Added.
(WebCore::Performance::webkitGetEntriesByName): Added.
* page/Performance.h:
(Performance):
* page/Performance.idl:
* page/PerformanceEntry.cpp: Added.
(WebCore):
(WebCore::PerformanceEntry::PerformanceEntry):
(WebCore::PerformanceEntry::name):
(WebCore::PerformanceEntry::entryType):
(WebCore::PerformanceEntry::startTime):
(WebCore::PerformanceEntry::duration):
* page/PerformanceEntry.h: Added.
(WebCore):
(PerformanceEntry):
* page/PerformanceEntry.idl: Added.
* page/PerformanceEntryList.cpp: Added.
(WebCore):
(WebCore::PerformanceEntryList::PerformanceEntryList):
(WebCore::PerformanceEntryList::~PerformanceEntryList):
(WebCore::PerformanceEntryList::length):
(WebCore::PerformanceEntryList::item):
(WebCore::PerformanceEntryList::append):
* page/PerformanceEntryList.h: Added.
(WebCore):
(PerformanceEntryList):
(WebCore::PerformanceEntryList::create):
* page/PerformanceEntryList.idl: Added.
2012-04-25 Benjamin Poulain <bpoulain@apple.com>
Move convertJSMethodNameToObjc() to be a utility function of ObjcClass
https://bugs.webkit.org/show_bug.cgi?id=84915
Reviewed by Darin Adler.
The function convertJSMethodNameToObjc() is only useful for ObjcClass::methodsNamed().
This patch moves the function from objc_utility.mm to be a static function in objc_class.mm.
It aims at simplifying the code for future changes of ObjcClass.
* bridge/objc/objc_class.mm:
(Bindings):
(JSC::Bindings::convertJSMethodNameToObjc):
* bridge/objc/objc_utility.h:
* bridge/objc/objc_utility.mm:
(Bindings):
2012-04-25 Kent Tamura <tkent@chromium.org>
Unreviewed. Sort Xcode project file.
* WebCore.xcodeproj/project.pbxproj:
2012-04-25 Greg Billock <gbillock@google.com>
Implement object-literal constructor for the Intent object.
https://bugs.webkit.org/show_bug.cgi?id=84220
Reviewed by Kentaro Hara.
The use of the custom constructor will hopefully be temporary, as we plan
to convert to just using the object literal constructor, which can then use codegen.
See spec: http://dvcs.w3.org/hg/web-intents/raw-file/tip/spec/Overview.html
Added support for the service and extras parameters in the Intent
object to support the speced members in the object literal constructor.
Added supporting accessor to Dictionary to retrieve a sub-Dictionary,
and a utility to ScriptValue to serialize with ports.
Test: webintents/web-intent-obj-constructor.html
(WebCore):
* Modules/intents/Intent.cpp:
(WebCore::Intent::create):
(WebCore::Intent::Intent):
(WebCore::Intent::service):
(WebCore):
(WebCore::Intent::extras):
* Modules/intents/Intent.h:
(WebCore):
(Intent):
* Modules/intents/Intent.idl:
* WebCore.gypi:
* bindings/v8/Dictionary.cpp:
(WebCore::Dictionary::get):
(WebCore):
* bindings/v8/Dictionary.h:
(Dictionary):
* bindings/v8/ScriptValue.cpp:
(WebCore::ScriptValue::serialize):
(WebCore):
* bindings/v8/ScriptValue.h:
(WTF):
(WebCore):
(ScriptValue):
* bindings/v8/custom/V8IntentConstructor.cpp: Added.
(WebCore):
(WebCore::V8Intent::constructorCallback):
2012-04-25 Alexandru Chiculita <achicu@adobe.com>
CSS Shaders: Use u_texture instead of s_texture. It was updated in the spec
https://bugs.webkit.org/show_bug.cgi?id=82618
Reviewed by Dean Jackson.
Changed the uniform name passed to the CSS Shaders from s_texture to u_texture.
https://dvcs.w3.org/hg/FXTF/raw-file/tip/filters/index.html
No new tests, just updating existing ones.
* platform/graphics/filters/CustomFilterShader.cpp:
(WebCore::CustomFilterShader::defaultFragmentShaderString):
(WebCore::CustomFilterShader::initializeParameterLocations):
2012-04-25 Douglas Stockwell <dstockwell@chromium.org>
IndexedDB: cursor does not correctly iterate over keys added and removed during iteration
https://bugs.webkit.org/show_bug.cgi?id=84467
Reviewed by Ojan Vafai.
Ensure that the iterator over the tree of cached adds/removes always points at
the current key, or if the db iterator is current, the next key:
- When refreshing the tree iterator after a mutation, always seek unless the
tree iterator is current.
- When handing conflicts and delete markers, only advance the tree iterator as
far as the db iterator.
Remove the expensive (and now redundant) logic that issued a get() to check
whether an item had been deleted.
Test: storage/indexeddb/cursor-added-bug.html
* Modules/indexeddb/IDBLevelDBBackingStore.cpp:
(WebCore):
* platform/leveldb/LevelDBTransaction.cpp:
(WebCore::LevelDBTransaction::TransactionIterator::refreshTreeIterator):
(WebCore::LevelDBTransaction::TransactionIterator::handleConflictsAndDeletes):
2012-04-25 Antti Koivisto <antti@apple.com>
Try to fix build with STYLE_SCOPED enabled.
Not reviewed.
* css/StyleResolver.cpp:
(WebCore::StyleResolver::determineScope):
2012-04-25 Alec Flett <alecflett@chromium.org>
IndexedDB: support openCursor(IDBKey)
https://bugs.webkit.org/show_bug.cgi?id=84652
Reviewed by Ojan Vafai.
Add signatures for openCursor/openKeyCursor(IDBKey).
Test: storage/indexeddb/opencursor-key.html
* Modules/indexeddb/IDBIndex.cpp:
(WebCore::IDBIndex::openCursor):
(WebCore):
(WebCore::IDBIndex::openKeyCursor):
* Modules/indexeddb/IDBIndex.h:
(WebCore::IDBIndex::openCursor):
(IDBIndex):
(WebCore::IDBIndex::openKeyCursor):
* Modules/indexeddb/IDBIndex.idl:
* Modules/indexeddb/IDBObjectStore.cpp:
(WebCore::IDBObjectStore::openCursor):
(WebCore):
* Modules/indexeddb/IDBObjectStore.h:
(WebCore::IDBObjectStore::openCursor):
(IDBObjectStore):
* Modules/indexeddb/IDBObjectStore.idl:
2012-04-25 Antti Koivisto <antti@apple.com>
Remove owner node pointer from StyleSheetInternal
https://bugs.webkit.org/show_bug.cgi?id=84882
Reviewed by Andreas Kling.
To make sharing between multiple nodes possible StyleSheetInternal should not have a Node pointer.
- Make StyleSheetInternal constructor take CSSParserContext instead of Node*
- Move owner node pointer to CSSStyleSheet. CSSStyleSheet now acts as a client for StyleSheetInternal.
This gets us closer to being able to cache stylesheet data structures.
* css/CSSImportRule.cpp:
(WebCore::StyleRuleImport::setCSSStyleSheet):
(WebCore::StyleRuleImport::requestStyleSheet):
Setup CSSParserContext.
Remove FIXME about updateBaseURL(). It is no longer possible to change URL of StyleSheetInternal.
* css/CSSPageRule.cpp:
(WebCore::CSSPageRule::setSelectorText):
* css/CSSParser.cpp:
(WebCore::CSSParserContext::CSSParserContext):
* css/CSSParserMode.h:
(CSSParserContext):
Expand CSSParserContext constructors.
* css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::setSelectorText):
* css/StyleResolver.cpp:
(WebCore::StyleResolver::StyleResolver):
(WebCore::StyleResolver::addAuthorRulesAndCollectUserRulesFromSheets):
(WebCore::StyleResolver::collectMatchingRulesForList):
* css/StyleResolver.h:
(StyleResolver):
* css/CSSStyleSheet.cpp:
User stylesheets went back to being CSSStyleSheets. Adapt to that.
(WebCore::StyleSheetInternal::StyleSheetInternal):
(WebCore):
(WebCore::StyleSheetInternal::checkLoaded):
(WebCore::StyleSheetInternal::startLoadingDynamicSheet):
(WebCore::StyleSheetInternal::rootStyleSheet):
(WebCore::StyleSheetInternal::singleOwnerNode):
(WebCore::StyleSheetInternal::singleOwnerDocument):
(WebCore::StyleSheetInternal::styleSheetChanged):
The owner node is now located through CSSStyleSheet. Only one client is supported atm.
(WebCore::StyleSheetInternal::registerClient):
(WebCore::StyleSheetInternal::unregisterClient):
Register CSSStyleSheets.
(WebCore::CSSStyleSheet::CSSStyleSheet):
(WebCore::CSSStyleSheet::~CSSStyleSheet):
(WebCore::CSSStyleSheet::rules):
(WebCore::CSSStyleSheet::cssRules):
(WebCore::CSSStyleSheet::ownerDocument):
* css/CSSStyleSheet.h:
(WebCore::StyleSheetInternal::create):
(WebCore::StyleSheetInternal::createInline):
(StyleSheetInternal):
(WebCore::CSSStyleSheet::create):
(CSSStyleSheet):
Moved m_ownerNode.
Changed constructors
Removed setFinalURL().
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::StyleRuleCSSStyleDeclaration::setNeedsStyleRecalc):
* dom/Document.cpp:
(WebCore::Document::updateBaseURL):
Instead of setFinalURL, construct a new StyleSheetInternal if the base url ever changes.
(WebCore::Document::pageUserSheet):
(WebCore::Document::pageGroupUserSheets):
(WebCore::Document::addUserSheet):
(WebCore::Document::elementSheet):
* dom/Document.h:
(Document):
(WebCore::Document::documentUserSheets):
Adapt to the new interface.
Turned user stylesheets CSSStyleSheets so they can find the owner node.
* dom/ProcessingInstruction.cpp:
(WebCore::ProcessingInstruction::setCSSStyleSheet):
* dom/StyleElement.cpp:
(WebCore::StyleElement::createSheet):
* html/HTMLLinkElement.cpp:
(WebCore::HTMLLinkElement::setCSSStyleSheet):
* inspector/InspectorCSSAgent.cpp:
(WebCore::SelectorProfile::startSelector):
(WebCore::InspectorCSSAgent::bindStyleSheet):
* inspector/InspectorStyleSheet.cpp:
(WebCore::fillMediaListChain):
(WebCore::InspectorStyleSheet::ownerDocument):
* page/PageSerializer.cpp:
(WebCore::PageSerializer::serializeCSSStyleSheet):
2012-04-25 Adam Klein <adamk@chromium.org>
Fix uninitialized variable warnings in PasteboardMac.mm after 115145
https://bugs.webkit.org/show_bug.cgi?id=84879
Reviewed by Enrica Casucci.
* platform/mac/PasteboardMac.mm:
(WebCore::Pasteboard::getDataSelection): Initialize attributedString to nil.
(WebCore::Pasteboard::writeSelectionForTypes): ditto.
2012-04-25 Kenneth Russell <kbr@google.com>
Delete CanvasPixelArray, ByteArray, JSByteArray and JSC code once unreferenced
https://bugs.webkit.org/show_bug.cgi?id=83655
Reviewed by Oliver Hunt.
Removed last few references to ByteArray, replacing with
Uint8ClampedArray as necessary, and deleted now-obsolete
CanvasPixelArray, ByteArray and JSByteArray. Removed code from
JavaScriptCore special-casing ByteArray.
No new tests. Did full layout test run on Mac OS; no regressions
seen from this change.
* CMakeLists.txt:
* DerivedSources.pri:
* ForwardingHeaders/runtime/JSByteArray.h: Removed.
* GNUmakefile.list.am:
* PlatformBlackBerry.cmake:
* Target.pri:
* UseV8.cmake:
* WebCore.gypi:
* WebCore.order:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* bindings/v8/SerializedScriptValue.cpp:
* bindings/v8/V8Binding.h:
(WebCore::isHostObject):
* bindings/v8/custom/V8CanvasPixelArrayCustom.cpp: Removed.
* bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
(WebCore::V8InjectedScriptHost::typeCallback):
* bridge/qt/qt_runtime.cpp:
(JSC::Bindings::isJSUint8ClampedArray):
(Bindings):
(JSC::Bindings::valueRealType):
(JSC::Bindings::convertValueToQVariant):
(JSC::Bindings::convertQVariantToValue):
* html/canvas/CanvasPixelArray.cpp: Removed.
* html/canvas/CanvasPixelArray.h: Removed.
* html/canvas/CanvasPixelArray.idl: Removed.
* html/canvas/WebGLRenderingContext.cpp:
(WebCore):
* platform/graphics/filters/FEConvolveMatrix.h:
* rendering/svg/RenderSVGResourceMasker.cpp:
2012-04-25 Alpha Lam <hclam@chromium.org>
Unreviewed build fix.
Build fix for compilation failure due to r115243.
* platform/graphics/chromium/LayerChromium.h:
(WebCore):
2012-04-25 Ryosuke Niwa <rniwa@webkit.org>
Build fix after r115227. Return null string when the string builder is empty
to match the old behavior.
* css/StylePropertySet.cpp:
(WebCore::StylePropertySet::borderPropertyValue):
2012-04-25 Ian Vollick <vollick@chromium.org>
[chromium] Add support for animation finished events.
https://bugs.webkit.org/show_bug.cgi?id=84454
Reviewed by James Robinson.
Tested in CCLayerTreeHostTestAnimationFinishedEvents
* platform/graphics/chromium/GraphicsLayerChromium.cpp:
(WebCore::GraphicsLayerChromium::willBeDestroyed):
(WebCore::GraphicsLayerChromium::notifyAnimationFinished):
(WebCore):
* platform/graphics/chromium/GraphicsLayerChromium.h:
* platform/graphics/chromium/LayerChromium.cpp:
(WebCore::LayerChromium::notifyAnimationStarted):
(WebCore::LayerChromium::notifyAnimationFinished):
(WebCore):
* platform/graphics/chromium/LayerChromium.h:
(WebCore):
(LayerChromium):
* platform/graphics/chromium/cc/CCAnimationEvents.h:
(WebCore::CCAnimationEvent::CCAnimationEvent):
(CCAnimationEvent):
(WebCore):
* platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
(WebCore::CCLayerAnimationController::animate):
(WebCore::CCLayerAnimationController::notifyAnimationStarted):
(WebCore::CCLayerAnimationController::startAnimationsWaitingForNextTick):
(WebCore::CCLayerAnimationController::startAnimationsWaitingForStartTime):
(WebCore::CCLayerAnimationController::startAnimationsWaitingForTargetAvailability):
(WebCore::CCLayerAnimationController::purgeFinishedAnimations):
* platform/graphics/chromium/cc/CCLayerAnimationController.h:
(CCLayerAnimationController):
* platform/graphics/chromium/cc/CCLayerAnimationDelegate.h:
(CCLayerAnimationDelegate):
* platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
(WebCore::CCLayerTreeHost::setAnimationEventsRecursive):
2012-04-25 Enrica Casucci <enrica@apple.com>
REGRESSION (r110494): Dragging images from Safari to Finder results in .webloc rather than image file
https://bugs.webkit.org/show_bug.cgi?id=84878
<rdar://problem/11155407>
In WebKit2, it could happen to try to start the drag twice, given the asynchronous nature
of the communication between the UI process and the WebProcess.
We need to guarantee that we don't do that, otherwise on OS X the pasteboard ownership
gets changed which affects the promised file types.
Reviewed by Alexey Proskuryakov.
* page/EventHandler.cpp:
(WebCore::EventHandler::handleDrag): Reset m_mouseDownMayStartDrag to false to
avoid attempting to start another drag.
2012-04-25 Andreas Kling <kling@webkit.org>
Remove unused Attribute constructor.
Semi-knowingly rubber-stamped by Antti Koivisto.
* dom/Attribute.h:
2012-04-25 Nate Chapin <japhet@chromium.org>
Crash in CachedRawResource::didAddClient() due to missing protector.
https://bugs.webkit.org/show_bug.cgi?id=83632
Reviewed by Eric Seidel.
Test: http/tests/xmlhttprequest/access-control-repeated-failed-preflight-crash.html
* loader/cache/CachedRawResource.cpp:
(WebCore::CachedRawResource::didAddClient):
2012-04-25 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to SerializedScriptValue::deserialize()
https://bugs.webkit.org/show_bug.cgi?id=84758
Reviewed by Nate Chapin.
The objective is to pass Isolate around. This patch passes
Isolate to SerializedScriptValue::deserialize().
No tests. No change in behavior.
* bindings/v8/custom/V8HistoryCustom.cpp:
(WebCore::V8History::stateAccessorGetter):
* bindings/v8/custom/V8IDBAnyCustom.cpp:
(WebCore::toV8):
* bindings/v8/custom/V8MessageEventCustom.cpp:
(WebCore::V8MessageEvent::dataAccessorGetter):
* bindings/v8/custom/V8PopStateEventCustom.cpp:
(WebCore::V8PopStateEvent::stateAccessorGetter):
2012-04-25 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to SerializedScriptValue::create() in custom bindings
https://bugs.webkit.org/show_bug.cgi?id=84757
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
This patch passes Isolate to SerializedScriptValue::create()
in custom bindings.
No tests. No change in behavior.
* bindings/v8/custom/V8DOMWindowCustom.cpp:
(WebCore::handlePostMessageCallback):
* bindings/v8/custom/V8DedicatedWorkerContextCustom.cpp:
(WebCore::handlePostMessageCallback):
* bindings/v8/custom/V8HistoryCustom.cpp:
(WebCore::V8History::pushStateCallback):
(WebCore::V8History::replaceStateCallback):
* bindings/v8/custom/V8MessagePortCustom.cpp:
(WebCore::handlePostMessageCallback):
* bindings/v8/custom/V8WorkerCustom.cpp:
(WebCore::handlePostMessageCallback):
2012-04-25 Kentaro Hara <haraken@chromium.org>
[V8] Pass Isolate to SerializedScriptValue::create() in CodeGeneratorV8.pm
https://bugs.webkit.org/show_bug.cgi?id=84753
Reviewed by Nate Chapin.
The objective is to pass Isolate around in V8 bindings.
This patch passes Isolate to SerializedScriptValue::create()
in CodeGeneratorV8.pm.
Tests: bindings/scripts/test/TestObj.idl
bindings/scripts/test/TestSerializedScriptValueInterface.idl
* bindings/scripts/CodeGeneratorV8.pm:
(GenerateNormalAttrSetter):
(GenerateParametersCheck):
(JSValueToNative):
* bindings/scripts/test/V8/V8TestObj.cpp: Updated run-bindings-tests results.
(WebCore::TestObjV8Internal::intSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::shortSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::longSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::longLongSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::unsignedIntSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::unsignedShortSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::unsignedLongSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::unsignedLongLongSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::floatSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::doubleSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::booleanSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::voidSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::dateSequenceAttrAttrGetter):
(WebCore::TestObjV8Internal::serializedValueCallback):
* bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
(WebCore::TestSerializedScriptValueInterfaceV8Internal::valueAttrSetter):
(WebCore::TestSerializedScriptValueInterfaceV8Internal::cachedValueAttrSetter):
(WebCore::TestSerializedScriptValueInterfaceV8Internal::acceptTransferListCallback):
(WebCore::TestSerializedScriptValueInterfaceV8Internal::multiTransferListCallback):
(WebCore::V8TestSerializedScriptValueInterface::constructorCallback):
2012-04-25 Kentaro Hara <haraken@chromium.org>
[V8] Add m_isolate to SerializedScriptValue::Writer
and SerializedScriptValue::Reader
https://bugs.webkit.org/show_bug.cgi?id=84739
Reviewed by Nate Chapin.
This is the second step to pass Isolate around
in SerializedScriptValue. This patch adds m_isolate to
SerializedScriptValue::Writer and SerializedScriptValue::Reader,
so that they can use the isolate around. The fix is safe since
Writer and Reader are guaranteed to be used by one Isolate.
No tests. No change in behavior.
* bindings/v8/SerializedScriptValue.cpp:
(WebCore::SerializedScriptValue::create):
(WebCore::SerializedScriptValue::nullValue):
(WebCore::SerializedScriptValue::undefinedValue):
(WebCore::SerializedScriptValue::booleanValue):
(WebCore::SerializedScriptValue::numberValue):
(WebCore::SerializedScriptValue::SerializedScriptValue):
(WebCore::SerializedScriptValue::deserialize):
* bindings/v8/SerializedScriptValue.h:
(SerializedScriptValue):
2012-04-25 Kentaro Hara <haraken@chromium.org>
[V8] Make the Isolate* parameter non-optional in setDOMException()
https://bugs.webkit.org/show_bug.cgi?id=84736
Reviewed by Nate Chapin.
Now all setDOMException() callers pass Isolate* to setDOMException().
This patch makes the Isolate* parameter non-optional.
No tests. No change in behavior.
* bindings/v8/V8Proxy.h:
(V8Proxy):
2012-04-24 Ryosuke Niwa <rniwa@webkit.org>
REGRESSION(r112177): listStyleType CSS property gets converted into listStyle
https://bugs.webkit.org/show_bug.cgi?id=83026
Reviewed by Darin Adler.
Fixed the bug by not using shorthand notations when some values are missing.
However, we still want to return a value when shorthand border property is explicitly
requested so extract borderPropertyValue with a flag to support both behaviors.
* css/StylePropertySet.cpp:
(WebCore::borderPropertyValue): Extracted from getPropertyValue.
(WebCore::StylePropertySet::getPropertyValue):
(WebCore::StylePropertySet::get4Values): Don't return values when priority don't match.
(WebCore::StylePropertySet::getShorthandValue):
(WebCore::StylePropertySet::getCommonValue): Don't return null string for initial values
to disambiguate missing values and "initial" in getPropertyValue. Also check propriety.
(WebCore::StylePropertySet::asText): Support emitting border-width, border-style, and
border-color when border doesn't work but the former properties do.
2012-04-25 Ian Vollick <vollick@chromium.org>
[chromium] Do not clobber synchronized start times.
https://bugs.webkit.org/show_bug.cgi?id=84605
Reviewed by James Robinson.
Tested in CCLayerAnimationControllerTest.doNotClobberStartTimes
(WebCore):
* platform/graphics/chromium/cc/CCActiveAnimation.h:
(CCActiveAnimation):
(WebCore::CCActiveAnimation::hasSetStartTime):
* platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
(WebCore::CCLayerAnimationController::startAnimationsWaitingForNextTick):
(WebCore::CCLayerAnimationController::startAnimationsWaitingForTargetAvailability):
2012-04-25 Nate Chapin <japhet@chromium.org>
REGRESSION (r100311): YummySoup app crashes when trying to print
https://bugs.webkit.org/show_bug.cgi?id=83918
Reviewed by Alexey Proskuryakov.
Test: http/tests/xmlhttprequest/cancel-during-failure-crash.html
* loader/ResourceLoader.cpp:
(WebCore::ResourceLoader::didFail): Set m_calledDidFinishLoad when calling
didFailToLoad() to prevent it from getting called twice if we cancel
re-entrantly.
2012-04-25 Alexis Menard <alexis.menard@openbossa.org>
Not reviewed, fix Windows build after r115215.
* css/CSSAllInOne.cpp:
2012-04-25 Eric Carlson <eric.carlson@apple.com>
Not reviewed, attempt to fix Windows build after r115215.
* css/CSSAllInOne.cpp: Don't try to include CSSStyleSelector.cpp.
2012-04-25 Mark Pilgrim <pilgrim@chromium.org>
[Chromium] Call actualMemoryUsageMB directly
https://bugs.webkit.org/show_bug.cgi?id=84837
Reviewed by Kentaro Hara.
Part of a refactoring series. See tracking bug 82948.
* bindings/v8/V8DOMWindowShell.cpp:
(WebCore::reportFatalErrorInV8):
* bindings/v8/V8GCController.cpp:
(WebCore):
* platform/MemoryUsageSupport.cpp:
(WebCore::MemoryUsageSupport::actualMemoryUsageMB):
(WebCore):
* platform/MemoryUsageSupport.h:
(MemoryUsageSupport):
* platform/chromium/MemoryUsageSupportChromium.cpp:
(WebCore::MemoryUsageSupport::actualMemoryUsageMB):
(WebCore):
* platform/chromium/PlatformSupport.h:
(PlatformSupport):
2012-04-25 Alexis Menard <alexis.menard@openbossa.org>
Rename CSSStyleSelector files to StyleResolver.
https://bugs.webkit.org/show_bug.cgi?id=84814
Reviewed by Antti Koivisto.
Rename CSSStyleSelector files to match the new class name StyleResolver.
Update the includes all over the code base to the new name.
No new tests : renaming files, no behavior changes expected.
* CMakeLists.txt:
* GNUmakefile.list.am:
* Target.pri:
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* WebCore.xcodeproj/project.pbxproj:
* css/CSSAllInOne.cpp:
* css/CSSCalculationValue.cpp:
* css/CSSFontSelector.cpp:
* css/CSSGradientValue.cpp:
* css/MediaQueryEvaluator.cpp:
* css/MediaQueryMatcher.cpp:
* css/SVGCSSStyleSelector.cpp:
* css/StyleBuilder.cpp:
* css/StyleMedia.cpp:
* css/StyleResolver.cpp: Renamed from Source/WebCore/css/CSSStyleSelector.cpp.
(WebCore):
(RuleData):
(WebCore::RuleData::position):
(WebCore::RuleData::rule):
(WebCore::RuleData::selector):
(WebCore::RuleData::hasFastCheckableSelector):
(WebCore::RuleData::hasMultipartSelector):
(WebCore::RuleData::hasRightmostSelectorMatchingHTMLBasedOnRuleHash):
(WebCore::RuleData::containsUncommonAttributeSelector):
(WebCore::RuleData::specificity):
(WebCore::RuleData::linkMatchType):
(WebCore::RuleData::hasDocumentSecurityOrigin):
(WebCore::RuleData::isInRegionRule):
(WebCore::RuleData::descendantSelectorIdentifierHashes):
(SameSizeAsRuleData):
(RuleSet):
(WebCore::RuleSet::create):
(WebCore::RuleSet::disableAutoShrinkToFit):
(WebCore::RuleSet::features):
(WebCore::RuleSet::idRules):
(WebCore::RuleSet::classRules):
(WebCore::RuleSet::tagRules):
(WebCore::RuleSet::shadowPseudoElementRules):
(WebCore::RuleSet::linkPseudoClassRules):
(WebCore::RuleSet::focusPseudoClassRules):
(WebCore::RuleSet::universalRules):
(WebCore::RuleSet::pageRules):
(WebCore::RuleSet::RuleSetSelectorPair::RuleSetSelectorPair):
(RuleSetSelectorPair):
(WebCore::elementCanUseSimpleDefaultStyle):
(WebCore::screenEval):
(WebCore::printEval):
(WebCore::leftToRightDeclaration):
(WebCore::rightToLeftDeclaration):
(WebCore::StyleResolver::StyleResolver):
(WebCore::StyleResolver::addAuthorRulesAndCollectUserRulesFromSheets):
(WebCore::makeRuleSet):
(WebCore::StyleResolver::collectFeatures):
(WebCore::StyleResolver::determineScope):
(WebCore::StyleResolver::ruleSetForScope):
(WebCore::StyleResolver::appendAuthorStylesheets):
(WebCore::StyleResolver::setupScopeStack):
(WebCore::StyleResolver::pushScope):
(WebCore::StyleResolver::popScope):
(WebCore::StyleResolver::pushParentElement):
(WebCore::StyleResolver::popParentElement):
(WebCore::StyleResolver::pushParentShadowRoot):
(WebCore::StyleResolver::popParentShadowRoot):
(WebCore::StyleResolver::addKeyframeStyle):
(WebCore::StyleResolver::~StyleResolver):
(WebCore::StyleResolver::sweepMatchedPropertiesCache):
(WebCore::StyleResolver::Features::Features):
(WebCore::StyleResolver::Features::~Features):
(WebCore::StyleResolver::Features::add):
(WebCore::StyleResolver::Features::clear):
(WebCore::parseUASheet):
(WebCore::loadFullDefaultStyle):
(WebCore::loadSimpleDefaultStyle):
(WebCore::loadViewSourceStyle):
(WebCore::ensureDefaultStyleSheetsForElement):
(WebCore::StyleResolver::addMatchedProperties):
(WebCore::StyleResolver::addElementStyleProperties):
(WebCore::StyleResolver::collectMatchingRules):
(WebCore::StyleResolver::collectMatchingRulesForRegion):
(WebCore::StyleResolver::sortAndTransferMatchedRules):
(WebCore::StyleResolver::matchScopedAuthorRules):
(WebCore::StyleResolver::matchAuthorRules):
(WebCore::StyleResolver::matchUserRules):
(WebCore::StyleResolver::matchUARules):
(MatchingUARulesScope):
(WebCore::MatchingUARulesScope::MatchingUARulesScope):
(WebCore::MatchingUARulesScope::~MatchingUARulesScope):
(WebCore::MatchingUARulesScope::isMatchingUARules):
(WebCore::StyleResolver::collectMatchingRulesForList):
* css/StyleResolver.h: Renamed from Source/WebCore/css/CSSStyleSelector.h.
(WebCore):
(MediaQueryResult):
(WebCore::MediaQueryResult::MediaQueryResult):
(StyleResolver):
(WebCore::StyleResolver::style):
(WebCore::StyleResolver::parentStyle):
(WebCore::StyleResolver::rootElementStyle):
(WebCore::StyleResolver::element):
(WebCore::StyleResolver::document):
(WebCore::StyleResolver::fontDescription):
(WebCore::StyleResolver::parentFontDescription):
(WebCore::StyleResolver::setFontDescription):
(WebCore::StyleResolver::setZoom):
(WebCore::StyleResolver::setEffectiveZoom):
(WebCore::StyleResolver::setTextSizeAdjust):
(WebCore::StyleResolver::hasParentNode):
(WebCore::StyleResolver::pushScope):
(WebCore::StyleResolver::popScope):
(WebCore::StyleResolver::setStyle):
(WebCore::StyleResolver::fontSelector):
(WebCore::StyleResolver::allVisitedStateChanged):
(WebCore::StyleResolver::visitedStateChanged):
(WebCore::StyleResolver::usesSiblingRules):
(WebCore::StyleResolver::usesFirstLineRules):
(WebCore::StyleResolver::usesBeforeAfterRules):
(WebCore::StyleResolver::usesLinkRules):
(WebCore::StyleResolver::RuleFeature::RuleFeature):
(RuleFeature):
(Features):
(WebCore::StyleResolver::addMatchedRule):
(WebCore::StyleResolver::MatchRanges::MatchRanges):
(MatchRanges):
(WebCore::StyleResolver::MatchedProperties::MatchedProperties):
(MatchedProperties):
(WebCore::StyleResolver::MatchResult::MatchResult):
(MatchResult):
(WebCore::StyleResolver::MatchOptions::MatchOptions):
(MatchOptions):
(WebCore::StyleResolver::isRightPage):
(WebCore::StyleResolver::styleNotYetAvailable):
(WebCore::StyleResolver::applyPropertyToRegularStyle):
(WebCore::StyleResolver::applyPropertyToVisitedLinkStyle):
(MatchedPropertiesCacheItem):
(WebCore::StyleResolver::scopeStackIsConsistent):
(WebCore::StyleResolver::ScopeStackFrame::ScopeStackFrame):
(ScopeStackFrame):
* css/WebKitCSSMatrix.cpp:
* dom/Document.cpp:
* dom/Element.cpp:
* dom/Node.cpp:
* dom/ShadowRoot.cpp:
* dom/ShadowTree.cpp:
* dom/StyledElement.cpp:
* editing/ApplyStyleCommand.cpp:
* editing/EditingStyle.cpp:
* editing/Editor.cpp:
* editing/markup.cpp:
* history/CachedPage.cpp:
* html/HTMLDocument.cpp:
* html/HTMLLinkElement.cpp:
* html/HTMLOptGroupElement.cpp:
* html/HTMLOptionElement.cpp:
* html/ValidationMessage.cpp:
* html/canvas/CanvasRenderingContext2D.cpp:
* html/shadow/MediaControlElements.cpp:
* inspector/InspectorCSSAgent.cpp:
* inspector/InspectorDOMAgent.cpp:
* inspector/InspectorStyleSheet.cpp:
* loader/LinkLoader.cpp:
* page/DOMWindow.cpp:
* page/FrameView.cpp:
* page/Page.cpp:
* page/animation/KeyframeAnimation.cpp:
* platform/qt/RenderThemeQt.cpp:
* platform/qt/RenderThemeQtMobile.cpp:
* rendering/RenderLayer.cpp:
* rendering/RenderLayerBacking.cpp:
* rendering/RenderListBox.cpp:
* rendering/RenderMenuList.cpp:
* rendering/RenderObject.cpp:
* rendering/RenderRegion.cpp:
* rendering/RenderSlider.cpp:
* rendering/RenderTextControlSingleLine.cpp:
* rendering/RenderThemeMac.mm:
* rendering/RenderThemeSafari.cpp:
* rendering/style/RenderStyle.cpp:
* rendering/style/StyleGeneratedImage.cpp:
* rendering/style/StyleRareNonInheritedData.cpp:
* rendering/svg/RenderSVGInlineText.cpp:
* svg/SVGClipPathElement.cpp:
* svg/SVGElement.cpp:
* svg/SVGFontFaceElement.cpp:
* svg/SVGGradientElement.cpp:
* svg/SVGMaskElement.cpp:
* svg/SVGUseElement.cpp:
2012-04-25 Crystal Zhang <haizhang@rim.com>
https://bugs.webkit.org/show_bug.cgi?id=84875
make-css-file-arrays.pl now only take css files, make it also take js files,
as for html popups we also need load js files.
Reviewed by Antonio Gomes.
* css/make-css-file-arrays.pl:
2012-04-25 Li Yin <li.yin@intel.com>
[chromium][workers] setTargetType(ResourceRequest::TargetIsWorker) is repeatedly called in chromium
https://bugs.webkit.org/show_bug.cgi?id=84542
Reviewed by David Levin.
In chromium platform, the default value of m_targetType is ResourceRequest::TargetIsWorker
it isn't necessary to call
worker->m_scriptLoader->setTargetType(ResourceRequest::TargetIsWorker) again in Worker.cpp
In chromium platform, the m_targettype value determines the priority of resource loaded.
No new tests because this patch just deletes a repeated code, it can reduce code workload and can't impact any feature.
If the target type isn't set correctly, the following test maybe fail because of timeout in the chromium.
fast/workers/storage/multiple-transactions-on-different-handles.html
fast/workers/storage/multiple-transactions-on-different-handles-sync.html
fast/workers/storage/interrupt-database.html
* workers/Worker.cpp:
(WebCore::Worker::create):
2012-04-25 Yury Semikhatsky <yurys@chromium.org>
Web Inspector: move HeapSnapshotLoader into a separate file
https://bugs.webkit.org/show_bug.cgi?id=84860
Extracted HeapSnapshotLoader into its own file.
Reviewed by Pavel Feldman.
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* inspector/compile-front-end.py:
* inspector/front-end/HeapSnapshot.js:
* inspector/front-end/HeapSnapshotLoader.js: Added.
(WebInspector.HeapSnapshotLoader):
(WebInspector.HeapSnapshotLoader.prototype._findBalancedCurlyBrackets):
(WebInspector.HeapSnapshotLoader.prototype.finishLoading):
(WebInspector.HeapSnapshotLoader.prototype._parseUintArray):
(WebInspector.HeapSnapshotLoader.prototype._parseStringsArray):
(WebInspector.HeapSnapshotLoader.prototype.pushJSONChunk):
* inspector/front-end/WebKit.qrc:
* inspector/front-end/inspector.html:
2012-04-25 'Pavel Feldman' <pfeldman@chromium.org>
Not reviewed: inspector frontend tests fix.
* inspector/front-end/ScriptsSearchScope.js:
2012-04-25 Ian Vollick <vollick@chromium.org>
[chromium] Animations waiting for a synchronized start time should never be marked finished.
https://bugs.webkit.org/show_bug.cgi?id=84519
Reviewed by James Robinson.
Tested in CCLayerAnimationControllerTest.AnimationsWaitingForStartTimeDoNotFinishIfTheyWaitLongerToStartThanTheirDuration
* platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
(WebCore::CCLayerAnimationController::tickAnimations):
2012-04-25 Pierre Rossi <pierre.rossi@gmail.com>
[SVG] Nothing should be stroked when the stroke-width is 0
https://bugs.webkit.org/show_bug.cgi?id=83568
Reviewed by Nikolas Zimmermann.
The spec states that "A zero value causes no stroke to be painted".
We should avoid calling functions that could incorrectly paint something
in that case.
Test: svg/custom/path-zero-strokewidth.svg
* rendering/style/SVGRenderStyle.h:
(WebCore::SVGRenderStyle::hasVisibleStroke):
* rendering/svg/RenderSVGEllipse.cpp:
(WebCore::RenderSVGEllipse::strokeShape): Check if the stroke should be visible before painting.
* rendering/svg/RenderSVGRect.cpp:
(WebCore::RenderSVGRect::strokeShape): Ditto.
* rendering/svg/RenderSVGShape.cpp:
(WebCore::RenderSVGShape::strokeShape): Ditto.
(WebCore::RenderSVGShape::strokePath): Ditto.
* rendering/svg/SVGInlineTextBox.cpp:
(WebCore::SVGInlineTextBox::paint): Dont call paintText for zero-width stroke.
(WebCore::SVGInlineTextBox::paintDecoration): Ditto.
2012-04-25 Alexis Menard <alexis.menard@openbossa.org>
Unfortunately http://trac.webkit.org/changeset/115055 was landed using webkit-patch
land-from bug but didn't do the right thing, we lost the history.
This commit is merging back CSSStyleApplyProperty.* and their history, rename the files
to StyleBuilder and re-apply the two patches on trunk that were apply after the rename.
Rename CSSStyleSelector class to StyleResolver.
https://bugs.webkit.org/show_bug.cgi?id=84734
The name CSSStyleSelector is confusing as it conflicts a bit with
the CSS concept of selectors. One could think it's an encapsulation
of the CSS selectors but it's not, in fact this class is responsible
of finding the RenderStyle for a given element. This is the first patch
as I will later rename the files, and then rename the local variables.
Replace occurences of style selector from variables and methods names by style resolver.
https://bugs.webkit.org/show_bug.cgi?id=84765
Rename methods and variables to follow the new name StyleResolver. It requires to update the
local variables, methods parameters, and function names to match the new name and to remove
the concept of "selector" to avoid clashing with the CSS concept. The next and last patch
will be to rename CSSStyleSelector file and update the includes.
* css/StyleBuilder.cpp: Replaced with Source/WebCore/css/CSSStyleApplyProperty.cpp.
(WebCore::ApplyPropertyExpanding::applyInheritValue):
(WebCore::ApplyPropertyExpanding::applyInitialValue):
(WebCore::ApplyPropertyExpanding::applyValue):
(WebCore::ApplyPropertyDefaultBase::applyInheritValue):
(WebCore::ApplyPropertyDefaultBase::applyInitialValue):
(WebCore::ApplyPropertyDefaultBase::applyValue):
(WebCore::ApplyPropertyDefault::applyValue):
(WebCore::ApplyPropertyNumber::applyValue):
(WebCore::ApplyPropertyStyleImage::applyValue):
(WebCore::ApplyPropertyAuto::applyInheritValue):
(WebCore::ApplyPropertyAuto::applyInitialValue):
(WebCore::ApplyPropertyAuto::applyValue):
(WebCore::ApplyPropertyClip::convertToLength):
(WebCore::ApplyPropertyClip::applyInheritValue):
(WebCore::ApplyPropertyClip::applyInitialValue):
(WebCore::ApplyPropertyClip::applyValue):
(WebCore::ApplyPropertyColor::applyInheritValue):
(WebCore::ApplyPropertyColor::applyInitialValue):
(WebCore::ApplyPropertyColor::applyValue):
(WebCore::ApplyPropertyColor::applyColorValue):
(WebCore::ApplyPropertyDirection::applyValue):
(WebCore::ApplyPropertyLength::applyValue):
(WebCore::ApplyPropertyString::applyValue):
(WebCore::ApplyPropertyBorderRadius::applyValue):
(WebCore::ApplyPropertyFillLayer::applyInheritValue):
(WebCore::ApplyPropertyFillLayer::applyInitialValue):
(WebCore::ApplyPropertyFillLayer::applyValue):
(WebCore::ApplyPropertyComputeLength::applyValue):
(WebCore::ApplyPropertyFont::applyInheritValue):
(WebCore::ApplyPropertyFont::applyInitialValue):
(WebCore::ApplyPropertyFont::applyValue):
(WebCore::ApplyPropertyFontSize::applyInheritValue):
(WebCore::ApplyPropertyFontSize::applyInitialValue):
(WebCore::ApplyPropertyFontSize::applyValue):
(WebCore::ApplyPropertyFontWeight::applyValue):
(WebCore::ApplyPropertyFontVariantLigatures::applyInheritValue):
(WebCore::ApplyPropertyFontVariantLigatures::applyInitialValue):
(WebCore::ApplyPropertyFontVariantLigatures::applyValue):
(WebCore::ApplyPropertyBorderImage::applyValue):
(WebCore::ApplyPropertyBorderImageModifier::applyInheritValue):
(WebCore::ApplyPropertyBorderImageModifier::applyInitialValue):
(WebCore::ApplyPropertyBorderImageModifier::applyValue):
(WebCore::ApplyPropertyBorderImageSource::applyValue):
(WebCore::ApplyPropertyCounter::emptyFunction):
(WebCore::ApplyPropertyCounter::applyInheritValue):
(WebCore::ApplyPropertyCounter::applyValue):
(WebCore::ApplyPropertyCursor::applyInheritValue):
(WebCore::ApplyPropertyCursor::applyInitialValue):
(WebCore::ApplyPropertyCursor::applyValue):
(WebCore::ApplyPropertyTextAlign::applyValue):
(WebCore::ApplyPropertyTextDecoration::applyValue):
(WebCore::ApplyPropertyUnicodeBidi::applyValue):
(WebCore::ApplyPropertyLineHeight::applyValue):
(WebCore::ApplyPropertyPageSize::applyInheritValue):
(WebCore::ApplyPropertyPageSize::applyInitialValue):
(WebCore::ApplyPropertyPageSize::applyValue):
(WebCore::ApplyPropertyTextEmphasisStyle::applyInheritValue):
(WebCore::ApplyPropertyTextEmphasisStyle::applyInitialValue):
(WebCore::ApplyPropertyTextEmphasisStyle::applyValue):
(WebCore):
(WebCore::ApplyPropertyAnimation::map):
(WebCore::ApplyPropertyAnimation::applyInheritValue):
(WebCore::ApplyPropertyAnimation::applyInitialValue):
(WebCore::ApplyPropertyAnimation::applyValue):
(WebCore::ApplyPropertyOutlineStyle::applyInheritValue):
(WebCore::ApplyPropertyOutlineStyle::applyInitialValue):
(WebCore::ApplyPropertyOutlineStyle::applyValue):
(WebCore::ApplyPropertyResize::applyValue):
(WebCore::ApplyPropertyVerticalAlign::applyValue):
(WebCore::ApplyPropertyAspectRatio::applyInheritValue):
(WebCore::ApplyPropertyAspectRatio::applyInitialValue):
(WebCore::ApplyPropertyAspectRatio::applyValue):
(WebCore::ApplyPropertyZoom::resetEffectiveZoom):
(WebCore::ApplyPropertyZoom::applyInheritValue):
(WebCore::ApplyPropertyZoom::applyInitialValue):
(WebCore::ApplyPropertyZoom::applyValue):
(WebCore::ApplyPropertyDisplay::isValidDisplayValue):
(WebCore::ApplyPropertyDisplay::applyInheritValue):
(WebCore::ApplyPropertyDisplay::applyInitialValue):
(WebCore::ApplyPropertyDisplay::applyValue):
(WebCore::ApplyPropertyFlex::applyInheritValue):
(WebCore::ApplyPropertyFlex::applyInitialValue):
(WebCore::ApplyPropertyFlex::applyValue):
(WebCore::StyleBuilder::StyleBuilder):
* css/StyleBuilder.h: Replaced with Source/WebCore/css/CSSStyleApplyProperty.h.
(WebCore):
(PropertyHandler):
(WebCore::PropertyHandler::applyInheritValue):
(WebCore::PropertyHandler::applyInitialValue):
(WebCore::PropertyHandler::applyValue):
2012-04-25 Eric Carlson <eric.carlson@apple.com>
Not reviewed, fix Windows build after r115165.
* rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::updateCompositingLayers): Initialize logging variable.
2012-04-25 Florin Malita <fmalita@chromium.org>
[Coverity] Uninitialized fields in RenderSVGShape constructors
https://bugs.webkit.org/show_bug.cgi?id=84749
Reviewed by Darin Adler.
Removing unused RenderSVGShape constructor and field.
No new tests - no behavior change.
* rendering/svg/RenderSVGShape.cpp:
* rendering/svg/RenderSVGShape.h:
(RenderSVGShape):
2012-04-25 'Pavel Feldman' <pfeldman@chromium.org>
Not reviewed: follow up to r115194, removed debug output.
* inspector/front-end/DebuggerPresentationModel.js:
(WebInspector.DebuggerPresentationModel.prototype._parsedScriptSource):
2012-04-25 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: extract Linkifier from DebuggerPresentationModel.
https://bugs.webkit.org/show_bug.cgi?id=84855
Reviewed by Yury Semikhatsky.
There is nothing Linkifier needs from the model, extracting as a top-level class.
* WebCore.gypi:
* WebCore.vcproj/WebCore.vcproj:
* inspector/compile-front-end.py:
* inspector/front-end/ConsoleMessage.js:
* inspector/front-end/ConsoleView.js:
(WebInspector.ConsoleView):
* inspector/front-end/DebuggerPresentationModel.js:
* inspector/front-end/EventListenersSidebarPane.js:
* inspector/front-end/Linkifier.js: Added.
(WebInspector.LinkifierFormatter):
(WebInspector.LinkifierFormatter.prototype.formatLiveAnchor):
(WebInspector.Linkifier):
(WebInspector.Linkifier.prototype.linkifyLocation):
(WebInspector.Linkifier.prototype.linkifyRawLocation):
(WebInspector.Linkifier.prototype.reset):
(WebInspector.Linkifier.prototype._updateAnchor):
(WebInspector.Linkifier.DefaultFormatter):
(WebInspector.Linkifier.DefaultFormatter.prototype.formatLiveAnchor):
* inspector/front-end/NetworkPanel.js:
* inspector/front-end/ObjectPopoverHelper.js:
(WebInspector.ObjectPopoverHelper.prototype._showObjectPopover.showObjectPopover.):
(WebInspector.ObjectPopoverHelper.prototype._showObjectPopover):
* inspector/front-end/ProfileView.js:
* inspector/front-end/ScriptsSearchScope.js:
(WebInspector.ScriptsSearchResultsPane):
* inspector/front-end/TimelinePresentationModel.js:
(WebInspector.TimelinePresentationModel):
* inspector/front-end/WebKit.qrc:
* inspector/front-end/inspector.html:
2012-04-25 Pavel Feldman <pfeldman@chromium.org>
Web Inspector: move sourcemap-agnostic part of the debugger presentation model into the raw debugger.
https://bugs.webkit.org/show_bug.cgi?id=84852
Reviewed by Yury Semikhatsky.
There is no need to keep that much debugging functionality in the debugger presentation model.
It all perfectly applies to the raw script debugger. Methods for selecting call frames, activating breakpoints
and paused details were moved to the WebInspector.DebuggerModel.
* inspector/front-end/BreakpointManager.js:
(WebInspector.BreakpointManager.prototype._removeBreakpointFromUI):
* inspector/front-end/CallStackSidebarPane.js:
(WebInspector.CallStackSidebarPane):
(WebInspector.CallStackSidebarPane.prototype.update):
(WebInspector.CallStackSidebarPane.prototype.setSelectedCallFrame):
(WebInspector.CallStackSidebarPane.prototype._selectedCallFrameIndex):
(WebInspector.CallStackSidebarPane.prototype._placardSelected):
(WebInspector.CallStackSidebarPane.Placard):
(WebInspector.CallStackSidebarPane.Placard.prototype._update):
* inspector/front-end/ConsoleView.js:
* inspector/front-end/DebuggerModel.js:
(WebInspector.DebuggerModel.prototype._globalObjectCleared):
(WebInspector.DebuggerModel.prototype._didEditScriptSource):
(WebInspector.DebuggerModel.prototype._setDebuggerPausedDetails):
(WebInspector.DebuggerModel.prototype._pausedScript):
(WebInspector.DebuggerModel.prototype._resumedScript):
(WebInspector.DebuggerModel.prototype.isPaused):
(WebInspector.DebuggerModel.prototype.setSelectedCallFrame.updateExecutionLine):
(WebInspector.DebuggerModel.prototype.setSelectedCallFrame):
(WebInspector.DebuggerModel.prototype.selectedCallFrame):
(WebInspector.DebuggerModel.prototype.evaluateOnSelectedCallFrame):
(WebInspector.DebuggerModel.prototype.getSelectedCallFrameVariables.propertiesCollected):
(WebInspector.DebuggerModel.prototype.getSelectedCallFrameVariables):
(WebInspector.DebuggerModel.prototype.setBreakpointsActive):
(WebInspector.DebuggerModel.prototype.breakpointsActive):
(WebInspector.DebuggerModel.CallFrame):
(WebInspector.DebuggerModel.CallFrame.prototype.get script):
(WebInspector.DebuggerModel.CallFrame.prototype.get type):
(WebInspector.DebuggerModel.CallFrame.prototype.get scopeChain):
(WebInspector.DebuggerModel.CallFrame.prototype.get this):
(WebInspector.DebuggerModel.CallFrame.prototype.get functionName):
(WebInspector.DebuggerModel.CallFrame.prototype.get location):
(WebInspector.DebuggerModel.CallFrame.prototype.evaluate):
(WebInspector.DebuggerModel.CallFrame.prototype.createLiveLocation):
(WebInspector.DebuggerModel.CallFrame.prototype.dispose):
(WebInspector.DebuggerPausedDetails):
(WebInspector.DebuggerPausedDetails.prototype.dispose):
* inspector/front-end/DebuggerPresentationModel.js:
(WebInspector.DebuggerPresentationModel):
(WebInspector.DebuggerPresentationModel.prototype.createLiveLocation):
(WebInspector.DebuggerPresentationModel.prototype._parsedScriptSource):
(WebInspector.DebuggerPresentationModel.prototype._callFrameSelected):
(WebInspector.DebuggerPresentationModel.prototype.setScriptSource.didEditScriptSource):
(WebInspector.DebuggerPresentationModel.prototype.setScriptSource):
(WebInspector.DebuggerPresentationModel.prototype._debuggerReset):
* inspector/front-end/JavaScriptSource.js:
(WebInspector.JavaScriptSource.prototype.setBreakpoint):
* inspector/front-end/JavaScriptSourceFrame.js:
(WebInspector.JavaScriptSourceFrame.prototype._resolveObjectForPopover):
* inspector/front-end/Script.js:
(WebInspector.Script.prototype.setSourceMapping):
(WebInspector.Script.prototype.createLiveLocation):
(WebInspector.Script.Location.prototype.update):
* inspector/front-end/ScriptMapping.js:
(WebInspector.LiveLocation):
(WebInspector.LiveLocation.prototype.update):
(WebInspector.LiveLocation.prototype.dispose):
* inspector/front-end/ScriptsPanel.js:
(WebInspector.ScriptsPanel.prototype._consoleCommandEvaluatedInSelectedCallFrame):
(WebInspector.ScriptsPanel.prototype._debuggerPaused):
(WebInspector.ScriptsPanel.prototype._callFrameSelected):
(WebInspector.ScriptsPanel.prototype._toggleBreakpointsClicked):
* inspector/front-end/UISourceCode.js:
2012-04-25 Yury Semikhatsky <yurys@chromium.org>
Web Inspector: use composite node provider for diff nodes in heap profiler
https://bugs.webkit.org/show_bug.cgi?id=84849
Inroduced HeapSnapshotDiffNodesProvider which is basically a composite provider
combining providers for added and deleted nodes. This allowed to remove custom
implementation of HeapSnapshotGridNode.prototype.populateChildren.
Reviewed by Pavel Feldman.
* inspector/front-end/HeapSnapshot.js:
(WebInspector.HeapSnapshotNodesProvider.prototype.sort.sortByNodeField): moved index assignment to sortByComparator
so that it is done only once.
(WebInspector.HeapSnapshotNodesProvider.prototype.sort.sortByComparator):
(WebInspector.HeapSnapshotNodesProvider.prototype.sort):
* inspector/front-end/HeapSnapshotGridNodes.js:
(WebInspector.HeapSnapshotGridNode):
(WebInspector.HeapSnapshotGridNode.prototype.populateChildren.callSerialize):
(WebInspector.HeapSnapshotGridNode.prototype.populateChildren.childrenRetrieved.notify):
(WebInspector.HeapSnapshotGridNode.prototype.populateChildren.childrenRetrieved):
(WebInspector.HeapSnapshotGridNode.prototype.populateChildren):
(WebInspector.HeapSnapshotGridNode.prototype.sort.afterSort):
(WebInspector.HeapSnapshotGridNode.prototype.sort):
(WebInspector.HeapSnapshotDiffNodesProvider):
(WebInspector.HeapSnapshotDiffNodesProvider.prototype.dispose):
(WebInspector.HeapSnapshotDiffNodesProvider.prototype.isEmpty):
(WebInspector.HeapSnapshotDiffNodesProvider.prototype.serializeNextItems):
(WebInspector.HeapSnapshotDiffNodesProvider.prototype.serializeNextItems.didReceiveDeletedItems):
(WebInspector.HeapSnapshotDiffNodesProvider.prototype.serializeNextItems.didReceiveAddedItems):
(WebInspector.HeapSnapshotDiffNodesProvider.prototype.sortAndRewind.afterSort):
(WebInspector.HeapSnapshotDiffNodesProvider.prototype.sortAndRewind):
(WebInspector.HeapSnapshotDiffNode):
(WebInspector.HeapSnapshotDiffNode._createProvider):
(WebInspector.HeapSnapshotDiffNode.prototype._createChildNode):
2012-04-25 Nikolas Zimmermann <nzimmermann@rim.com>
Refactor to/from/animatedType creation, to share more code between animators
https://bugs.webkit.org/show_bug.cgi?id=84846
Reviewed by Antti Koivisto.
Share more code bewteen animators, doesn't change functionality yet, except for one bug in SVGAnimatedString.
SVGAnimatedString used to mutate the from/to values during animation, leading to problems in animate-element-31-t.svg.
It now needs a rebaseline, now that this bug is fixed as side-effect.
* svg/SVGAnimateColorElement.cpp:
(WebCore::attributeValueIsCurrentColor):
(WebCore::SVGAnimateColorElement::determinePropertyValueTypes):
(WebCore):
* svg/SVGAnimateColorElement.h:
(SVGAnimateColorElement):
* svg/SVGAnimateElement.cpp:
(WebCore::SVGAnimateElement::SVGAnimateElement):
* svg/SVGAnimateElement.h:
(SVGAnimateElement):
* svg/SVGAnimatedAngle.cpp:
(WebCore::SVGAnimatedAngleAnimator::calculateAnimatedValue):
* svg/SVGAnimatedBoolean.cpp:
(WebCore::SVGAnimatedBooleanAnimator::calculateAnimatedValue):
* svg/SVGAnimatedColor.cpp:
(WebCore::adjustForCurrentColor):
(WebCore):
(WebCore::parseColorFromString):
(WebCore::SVGAnimatedColorAnimator::calculateAnimatedValue):
* svg/SVGAnimatedEnumeration.cpp:
(WebCore::SVGAnimatedEnumerationAnimator::calculateAnimatedValue):
* svg/SVGAnimatedInteger.cpp:
(WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedInteger):
(WebCore::SVGAnimatedIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedIntegerOptionalInteger.cpp:
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLength.cpp:
(WebCore::parseLengthFromString):
(WebCore):
(WebCore::SVGAnimatedLengthAnimator::calculateAnimatedValue):
* svg/SVGAnimatedLengthList.cpp:
(WebCore::parseLengthListFromString):
(WebCore):
(WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumber.cpp:
(WebCore::parseNumberFromString):
(WebCore):
(WebCore::SVGAnimatedNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedNumberOptionalNumber.cpp:
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPointList.cpp:
(WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue):
* svg/SVGAnimatedPreserveAspectRatio.cpp:
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::calculateAnimatedValue):
* svg/SVGAnimatedRect.cpp:
(WebCore::SVGAnimatedRectAnimator::calculateAnimatedValue):
* svg/SVGAnimatedString.cpp:
(WebCore::parseStringFromString):
(WebCore):
(WebCore::SVGAnimatedStringAnimator::calculateAnimatedValue):
* svg/SVGAnimatedTransformList.cpp:
(WebCore::SVGAnimatedTransformListAnimator::calculateAnimatedValue):
* svg/SVGAnimationElement.cpp:
(WebCore::SVGAnimationElement::SVGAnimationElement):
(WebCore::SVGAnimationElement::adjustForInheritance):
(WebCore):
(WebCore::inheritsFromProperty):
(WebCore::SVGAnimationElement::determinePropertyValueTypes):
* svg/SVGAnimationElement.h:
(WebCore::SVGAnimationElement::fromPropertyValueType):
(WebCore::SVGAnimationElement::toPropertyValueType):
(SVGAnimationElement):
(WebCore::SVGAnimationElement::adjustForInheritance):
(WebCore::SVGAnimationElement::adjustFromToValues):
(WebCore::SVGAnimationElement::adjustFromToListValues):
2012-04-25 Nikolas Zimmermann <nzimmermann@rim.com>
Share single calculateFromToValues/calculateFromByValues between all SVGAnimatedTypeAnimators
https://bugs.webkit.org/show_bug.cgi?id=84832
Reviewed by Antti Koivisto.
calculateFromAndToValues / calculateFromAndByValues don't need to be spread across all SVGAnimatedTypeAnimators.
Centralize these new implementations in SVGAnimatedTypeAnimator.h. Refactored addAnimatedTypes() from constructFromAndByValues.
calculateFromAndToValues:
from = constructFromString(fromString)
to = constructFromString(toString)
calculateFromAndByValues:
from = constructFromString(fromString)
to = constructFromString(byString)
addAnimatedTypes(from, to)
Doesn't affect any tests, just refactors code.
* svg/SVGAnimateElement.cpp:
(WebCore::SVGAnimateElement::calculateFromAndToValues):
(WebCore::SVGAnimateElement::calculateFromAndByValues):
* svg/SVGAnimatedAngle.cpp:
(WebCore::SVGAnimatedAngleAnimator::addAnimatedTypes):
* svg/SVGAnimatedAngle.h:
(SVGAnimatedAngleAnimator):
* svg/SVGAnimatedBoolean.cpp:
(WebCore::SVGAnimatedBooleanAnimator::addAnimatedTypes):
* svg/SVGAnimatedBoolean.h:
(SVGAnimatedBooleanAnimator):
* svg/SVGAnimatedColor.cpp:
(WebCore::SVGAnimatedColorAnimator::addAnimatedTypes):
* svg/SVGAnimatedColor.h:
(SVGAnimatedColorAnimator):
* svg/SVGAnimatedEnumeration.cpp:
(WebCore::SVGAnimatedEnumerationAnimator::addAnimatedTypes):
* svg/SVGAnimatedEnumeration.h:
(SVGAnimatedEnumerationAnimator):
* svg/SVGAnimatedInteger.cpp:
(WebCore::SVGAnimatedIntegerAnimator::addAnimatedTypes):
* svg/SVGAnimatedInteger.h:
(SVGAnimatedIntegerAnimator):
* svg/SVGAnimatedIntegerOptionalInteger.cpp:
(WebCore::SVGAnimatedIntegerOptionalIntegerAnimator::addAnimatedTypes):
* svg/SVGAnimatedIntegerOptionalInteger.h:
(SVGAnimatedIntegerOptionalIntegerAnimator):
* svg/SVGAnimatedLength.cpp:
(WebCore::SVGAnimatedLengthAnimator::addAnimatedTypes):
* svg/SVGAnimatedLength.h:
(SVGAnimatedLengthAnimator):
* svg/SVGAnimatedLengthList.cpp:
(WebCore::SVGAnimatedLengthListAnimator::addAnimatedTypes):
* svg/SVGAnimatedLengthList.h:
(SVGAnimatedLengthListAnimator):
* svg/SVGAnimatedNumber.cpp:
(WebCore::SVGAnimatedNumberAnimator::addAnimatedTypes):
* svg/SVGAnimatedNumber.h:
(SVGAnimatedNumberAnimator):
* svg/SVGAnimatedNumberList.cpp:
(WebCore::SVGAnimatedNumberListAnimator::addAnimatedTypes):
* svg/SVGAnimatedNumberList.h:
(SVGAnimatedNumberListAnimator):
* svg/SVGAnimatedNumberOptionalNumber.cpp:
(WebCore::SVGAnimatedNumberOptionalNumberAnimator::addAnimatedTypes):
* svg/SVGAnimatedNumberOptionalNumber.h:
(SVGAnimatedNumberOptionalNumberAnimator):
* svg/SVGAnimatedPath.cpp:
(WebCore::SVGAnimatedPathAnimator::constructFromString):
(WebCore::SVGAnimatedPathAnimator::addAnimatedTypes):
* svg/SVGAnimatedPath.h:
(SVGAnimatedPathAnimator):
* svg/SVGAnimatedPointList.cpp:
(WebCore::SVGAnimatedPointListAnimator::addAnimatedTypes):
* svg/SVGAnimatedPointList.h:
(SVGAnimatedPointListAnimator):
* svg/SVGAnimatedPreserveAspectRatio.cpp:
(WebCore::SVGAnimatedPreserveAspectRatioAnimator::addAnimatedTypes):
* svg/SVGAnimatedPreserveAspectRatio.h:
(SVGAnimatedPreserveAspectRatioAnimator):
* svg/SVGAnimatedRect.cpp:
(WebCore::SVGAnimatedRectAnimator::addAnimatedTypes):
* svg/SVGAnimatedRect.h:
(SVGAnimatedRectAnimator):
* svg/SVGAnimatedString.cpp:
(WebCore::SVGAnimatedStringAnimator::addAnimatedTypes):
* svg/SVGAnimatedString.h:
(SVGAnimatedStringAnimator):
* svg/SVGAnimatedTransformList.cpp:
(WebCore::SVGAnimatedTransformListAnimator::SVGAnimatedTransformListAnimator):
(WebCore::SVGAnimatedTransformListAnimator::constructFromString):
(WebCore::SVGAnimatedTransformListAnimator::addAnimatedTypes):
(WebCore::SVGAnimatedTransformListAnimator::calculateDistance):
* svg/SVGAnimatedTransformList.h:
(SVGAnimatedTransformListAnimator):
* svg/SVGAnimatedTypeAnimator.h:
(SVGAnimatedTypeAnimator):
(WebCore::SVGAnimatedTypeAnimator::calculateFromAndToValues):
(WebCore::SVGAnimatedTypeAnimator::calculateFromAndByValues):
(WebCore::SVGAnimatedTypeAnimator::setContextElement):
2012-04-25 Andreas Kling <kling@webkit.org>
Shrink RenderText by 8 bytes on 64-bit.
<http://webkit.org/b/84828>
Reviewed by Maciej Stachowiak.
Reorder the members so that the bits in RenderText falls into the padding at
the end of RenderObject on 64-bit. Updated the compile-time size assertion to
account for the new object structure.
This shrinks RenderText from 104 to 96 bytes on 64-bit release builds.
* rendering/RenderText.cpp:
(SameSizeAsRenderText):
(WebCore::RenderText::RenderText):
* rendering/RenderText.h:
(RenderText):
2012-04-25 Raymond Toy <rtoy@google.com>
No audio from MediaElementAudioSourceNode
https://bugs.webkit.org/show_bug.cgi?id=84669
MediaElementAudioSourceNode needs custom propagatesSilence() to
return false to indicate the node never propagates silence.
Reviewed by Chris Rogers.
* Modules/webaudio/MediaElementAudioSourceNode.h:
(MediaElementAudioSourceNode): Add propagatesSilence().
2012-04-25 Xianzhu Wang <wangxianzhu@chromium.org>
Web Inspector: Incorrect highlight position of inspected element in a scrolled page
https://bugs.webkit.org/show_bug.cgi?id=84755
Reviewed by Pavel Feldman.
Test: inspector/elements/highlight-node-scroll.html
* inspector/DOMNodeHighlighter.cpp: Ensures the highlight position is in page coordinates.
2012-04-24 Yury Semikhatsky <yurys@chromium.org>
Unreviewed. Revert part of the change r115063 which commented out
real worker creation. It was commited by mistake.
* inspector/front-end/HeapSnapshotProxy.js:
(WebInspector.HeapSnapshotWorker):
2012-04-24 Jon Lee <jonlee@apple.com>
New Notification constructor do not take into account security origin permissions
https://bugs.webkit.org/show_bug.cgi?id=84825
<rdar://problem/11315405>
Reviewed by Darin Adler.
Tests requires support for notifications on Mac (see 79492).
When the task timer fires, we should check to see that the notification has permission
to show. If not, we fire the onError event.
* notifications/Notification.cpp:
(WebCore::Notification::Notification): Since the timer may show, or call the onerror event,
we rename it from m_showTaskTimer. to m_taskTimer.
(WebCore::Notification::dispatchErrorEvent): The default constructor of ErrorEvent doesn't
create the proper event object. Create it using Event::create().
(WebCore::Notification::taskTimerFired): Check to see that we have permission first.
* notifications/Notification.h:
(Notification):
2012-04-24 Simon Fraser <simon.fraser@apple.com>
Add a logging channel and some ouput for compositing
https://bugs.webkit.org/show_bug.cgi?id=84817
Reviewed by Darin Adler.
Add a logging channel called "Compositing".
Output useful information to this channel, including
a line for each composited layer, its composited bounds,
the reason it was composited, the backing store megapixels,
and a count of total composited layers and total backing
store megapixels.
* platform/Logging.cpp:
(WebCore):
(WebCore::getChannelFromName):
* platform/Logging.h:
(WebCore):
* platform/graphics/GraphicsLayer.cpp:
(WebCore::GraphicsLayer::backingStoreArea):
* platform/graphics/GraphicsLayer.h:
(GraphicsLayer):
* platform/graphics/ca/GraphicsLayerCA.cpp:
(WebCore::GraphicsLayerCA::backingStoreArea):
(WebCore):
* platform/graphics/ca/GraphicsLayerCA.h:
(GraphicsLayerCA):
* platform/mac/LoggingMac.mm:
(WebCore::initializeLoggingChannelsIfNecessary):
* rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::nameForLayer):
(WebCore::RenderLayerBacking::backingStoreArea):
(WebCore):
* rendering/RenderLayerBacking.h:
(RenderLayerBacking):
* rendering/RenderLayerCompositor.cpp:
(WebCore):
(WebCore::compositingLogEnabled):
(WebCore::RenderLayerCompositor::RenderLayerCompositor):
(WebCore::RenderLayerCompositor::updateCompositingLayers):
(WebCore::RenderLayerCompositor::logCompositingInfo):
(WebCore::RenderLayerCompositor::rebuildCompositingLayerTree):
(WebCore::RenderLayerCompositor::updateLayerTreeGeometry):
(WebCore::RenderLayerCompositor::reasonForCompositing):
* rendering/RenderLayerCompositor.h:
(RenderLayerCompositor):
2012-04-24 Kulanthaivel Palanichamy <kulanthaivel@codeaurora.org>
getMatchedCSSRules() should return null when the second argument is an unrecognized pseudo-element name
https://bugs.webkit.org/show_bug.cgi?id=83298
Reviewed by Ojan Vafai.
I couldn't find any specification or any meaningful discussion on this API, but I
assume that it shouldn't be any different from window.getComputedStyle()
as far as the parameters are concerned.
Test: fast/dom/Window/getMatchedCSSRules-with-invalid-pseudo-elements.html
* page/DOMWindow.cpp:
(WebCore::DOMWindow::getMatchedCSSRules):
* page/DOMWindow.idl:
2012-04-24 Anders Carlsson <andersca@apple.com>
overflow: hidden on the main frame is broken with threaded scrolling
https://bugs.webkit.org/show_bug.cgi?id=84819
<rdar://problem/10920677>
Reviewed by Darin Adler.
Pass along the horizontal and vertical scrollbar modes to the scrolling tree and use it
to determine if wheel events should be handled or not. This matches what we do for non-threaded scrolling.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::frameViewLayoutUpdated):
(WebCore::ScrollingCoordinator::setScrollParameters):
* page/scrolling/ScrollingCoordinator.h:
(ScrollParameters):
* page/scrolling/ScrollingTreeNode.cpp:
(WebCore::ScrollingTreeNode::ScrollingTreeNode):
(WebCore::ScrollingTreeNode::update):
* page/scrolling/ScrollingTreeNode.h:
(WebCore::ScrollingTreeNode::canHaveScrollbars):
(ScrollingTreeNode):
* page/scrolling/ScrollingTreeState.cpp:
(WebCore::ScrollingTreeState::ScrollingTreeState):
(WebCore::ScrollingTreeState::setHorizontalScrollbarMode):
(WebCore):
(WebCore::ScrollingTreeState::setVerticalScrollbarMode):
* page/scrolling/ScrollingTreeState.h:
(WebCore::ScrollingTreeState::horizontalScrollbarMode):
(ScrollingTreeState):
(WebCore::ScrollingTreeState::verticalScrollbarMode):
* page/scrolling/mac/ScrollingTreeNodeMac.mm:
(WebCore::ScrollingTreeNodeMac::handleWheelEvent):
2012-04-24 Adrienne Walker <enne@google.com>
[chromium] Don't call calculateRenderPasses in CCLayerTreeHostImpl::scrollBegin()
https://bugs.webkit.org/show_bug.cgi?id=84807
Reviewed by James Robinson.
Instead of calculate render passes and quads and tracking damage,
simply calculate the updated render layer list, which is what is
needed for scrolling. This prevents a willDraw/didDraw mismatch on
layers.
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
(WebCore::CCLayerTreeHostImpl::calculateRenderSurfaceLayerList):
(WebCore):
(WebCore::CCLayerTreeHostImpl::calculateRenderPasses):
(WebCore::CCLayerTreeHostImpl::ensureMostRecentRenderSurfaceLayerList):
* platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
(CCLayerTreeHostImpl):
2012-04-24 Dana Jansens <danakj@chromium.org>
[chromium] Unbounded draws should use clip to limit their damage to opaque tracking
https://bugs.webkit.org/show_bug.cgi?id=84494
Reviewed by Adrienne Walker.
Unit test: PlatformContextSkiaTest.UnboundedDrawsAreClipped
* platform/graphics/skia/OpaqueRegionSkia.cpp:
(WebCore::OpaqueRegionSkia::didDrawRect):
(WebCore::OpaqueRegionSkia::didDrawPath):
(WebCore::OpaqueRegionSkia::didDrawPoints):
(WebCore::OpaqueRegionSkia::didDrawBounded):
(WebCore::OpaqueRegionSkia::didDrawUnbounded):
* platform/graphics/skia/OpaqueRegionSkia.h:
(OpaqueRegionSkia):
2012-04-24 Alexis Menard <alexis.menard@openbossa.org>
Implement createTBody for table element.
https://bugs.webkit.org/show_bug.cgi?id=84465
Reviewed by Ojan Vafai.
Implement createTBody of table element to allow creating tbodies from JS.
It's following the specification http://dev.w3.org/html5/spec/the-table-element.html#dom-table-createtbody.
Tests: fast/table/table-create-tbody-existing-tbody.html
fast/table/table-create-tbody-multiple-tbody.html
fast/table/table-create-tbody.html
* html/HTMLTableElement.cpp:
(WebCore::HTMLTableElement::createTBody):
(WebCore):
* html/HTMLTableElement.h:
(HTMLTableElement):
* html/HTMLTableElement.idl:
2012-04-24 Anders Carlsson <andersca@apple.com>
ScrollingCoordinator::setScrollParameters should take a single struct
https://bugs.webkit.org/show_bug.cgi?id=84816
Reviewed by Andreas Kling.
* page/scrolling/ScrollingCoordinator.cpp:
(WebCore::ScrollingCoordinator::frameViewLayoutUpdated):
(WebCore::ScrollingCoordinator::setScrollParameters):
* page/scrolling/ScrollingCoordinator.h:
(ScrollingCoordinator):
(ScrollParameters):
* page/scrolling/ScrollingCoordinatorNone.cpp:
(WebCore::ScrollingCoordinator::setScrollParameters):
* page/scrolling/chromium/ScrollingCoordinatorChromium.cpp:
(WebCore::ScrollingCoordinator::setScrollParameters):
2012-04-24 Adam Klein <adamk@chromium.org>
Remove unused undefined() method from ScriptValue
https://bugs.webkit.org/show_bug.cgi?id=84751
Reviewed by Kentaro Hara.
* bindings/js/ScriptValue.h:
(ScriptValue):
* bindings/v8/ScriptValue.h:
(ScriptValue):
2012-04-24 Yong Li <yoli@rim.com>
ASSERT failure in RenderLayer::computeRepaintRects
https://bugs.webkit.org/show_bug.cgi?id=84480
Reviewed by Simon Fraser.
Update visibility status if necessary before updating
compositing state in RenderLayer::styleChanged().
No new tests because this is obviously right thing to do
and creating new test seems too much for this small change.
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::styleChanged):
2012-04-24 Kent Tamura <tkent@chromium.org>
Calendar Picker: Open a calendar picker by keyboard operation
https://bugs.webkit.org/show_bug.cgi?id=84680
Reviewed by Kentaro Hara.
- Open a calendar picker by the down arrow key.
- Remove stepping down/up by keyboard and wheel operations.
This behavior was for text fields with spin buttons. Because the date
type doesn't have spin buttons, we should remove this behavior.
No new tests for opening a calendar picker. This behavior is not
testable by DRT yet. For removal of stepping up/down,
fast/forms/date/date-stepup-stepdown-from-renderer.html is updated.
* html/BaseDateAndTimeInputType.cpp:
(WebCore::BaseDateAndTimeInputType::handleKeydownEvent):
Check shouldHaveSpinButton() before spin button key operations.
(WebCore::BaseDateAndTimeInputType::handleWheelEvent):
Check shouldHaveSpinButton() before spin button wheel operations.
* html/BaseDateAndTimeInputType.h:
(BaseDateAndTimeInputType):
Make handleKeydownEvent() protected because a subclass overrides it.
* html/DateInputType.cpp:
(WebCore::DateInputType::handleKeydownEvent):
Open a calendar picker by the down arrow key.
* html/DateInputType.h:
(DateInputType): Add handleKeydownEvent() declaration.
* html/shadow/CalendarPickerElement.h:
(CalendarPickerElement): Make openPopup() public because DateInputType calls it.
2012-04-24 Sheriff Bot <webkit.review.bot@gmail.com>
Unreviewed, rolling out r115099, r115102, and r115127.
http://trac.webkit.org/changeset/115099http://trac.webkit.org/changeset/115102http://trac.webkit.org/changeset/115127https://bugs.webkit.org/show_bug.cgi?id=84809
Made html5lib/runner.html crash, spot fix didn't help so
rolling out so original author can do over. (Requested by
kling on #webkit).
* dom/Element.cpp:
(WebCore::Element::parserSetAttributes):
(WebCore::Element::normalizeAttributes):
* dom/Element.h:
(Element):
* dom/ElementAttributeData.cpp:
(WebCore::AttributeVector::removeAttribute):
(WebCore):
* dom/ElementAttributeData.h:
(AttributeVector):
(WebCore::AttributeVector::AttributeVector):
(WebCore):
(WebCore::AttributeVector::getAttributeItem):
(WebCore::AttributeVector::getAttributeItemIndex):
(WebCore::AttributeVector::insertAttribute):
(WebCore::ElementAttributeData::getAttributeItem):
(WebCore::ElementAttributeData::getAttributeItemIndex):
(WebCore::ElementAttributeData::attributeVector):
(WebCore::ElementAttributeData::clonedAttributeVector):
(ElementAttributeData):
* html/parser/HTMLConstructionSite.cpp:
(WebCore::HTMLConstructionSite::createHTMLElementFromSavedElement):
* html/parser/HTMLToken.h:
(WebCore::AtomicHTMLToken::AtomicHTMLToken):
* html/parser/HTMLTreeBuilder.cpp:
(WebCore::HTMLTreeBuilder::processFakeStartTag):
(WebCore::HTMLTreeBuilder::attributesForIsindexInput):
* html/parser/HTMLTreeBuilder.h:
* html/parser/TextDocumentParser.cpp:
(WebCore::TextDocumentParser::insertFakePreElement):
* xml/XMLErrors.cpp:
(WebCore::createXHTMLParserErrorHeader):
(WebCore::XMLErrors::insertErrorMessageBlock):
* xml/parser/MarkupTokenBase.h:
(WebCore::AtomicMarkupTokenBase::AtomicMarkupTokenBase):
(WebCore::AtomicMarkupTokenBase::getAttributeItem):
(WebCore::AtomicMarkupTokenBase::attributes):
(AtomicMarkupTokenBase):
(WebCore::::initializeAttributes):
* xml/parser/XMLToken.h:
(WebCore::AtomicXMLToken::AtomicXMLToken):
2012-04-24 Jeffrey Pfau <jpfau@apple.com>
Prevent drag and drop from setting file URLs
https://bugs.webkit.org/show_bug.cgi?id=76596
Reviewed by Enrica Casucci.
Blacklisted file URLs from being set via dataTransfer.setData for specific types.
* platform/mac/ClipboardMac.mm:
(WebCore::ClipboardMac::setData):
2012-04-24 Enrica Casucci <enrica@apple.com>
REGRESSION (r109022) Safari not placing service data on pasteboard.
https://bugs.webkit.org/show_bug.cgi?id=84766
<rdar://problem/11085756>
The support for OS X services requires that the write operations to
the pasteboard occur synchronously. This behavior was changed with r109022.
This change removes the original synchronous call to the WebProcess to perform
the pasteboard write that had become asynchronous after r109022.
It implements instead a synchronous call to retrive the content to be placed
in the pasteboard.
Reviewed by Alexey Proskuryakov.
* WebCore.exp.in:
* editing/Editor.h:
* editing/mac/EditorMac.mm:
(WebCore::Editor::writeSelectionToPasteboard):
(WebCore::Editor::stringSelectionForPasteboard): Added.
(WebCore::Editor::dataSelectionForPasteboard): Added.
* platform/Pasteboard.h:
* platform/mac/PasteboardMac.mm:
(WebCore::Pasteboard::getStringSelection): Added.
(WebCore::Pasteboard::getDataSelection): Added.
(WebCore::Pasteboard::writeSelectionForTypes):
(WebCore::Pasteboard::writeSelection):
2012-04-24 Dana Jansens <danakj@chromium.org>
[chromium] Image masks are considered opaque incorrectly
https://bugs.webkit.org/show_bug.cgi?id=84275
Reviewed by Adrienne Walker.
Match the behaviour of SkCanvas layers more closely while tracking
opaque paints. SkCanvas layers actually act as a separate device
(ie. pixels) and when the layer is popped off, the pixels are copied
down to the layer below.
While we can use the total clip to decide what pixels the the
drawing operation will affect in the final device, the blending
down through layers needs to consider each layer carefully.
In this case the image mask is drawn into a layer which is copied
down using the DestinationIn operation. Since the layer contains
non-opaque pixels, the DestinationIn copy can destroy opaque
areas in the next layer. We add OpaqueRegionSkia::FillByCopy to
distinguish the case where we are copying a block of pixels, and the
alpha values are essentially unknown.
Unit test: PlatformContextSkiaTest.trackImageMask
PlatformContextSkiaTest.trackImageMaskWithOpaqueRect
* platform/graphics/skia/OpaqueRegionSkia.cpp:
(WebCore::paintIsOpaque):
(WebCore::OpaqueRegionSkia::applyOpaqueRegionFromLayer):
(WebCore::OpaqueRegionSkia::pushCanvasLayer):
(WebCore::OpaqueRegionSkia::popCanvasLayer):
(WebCore::OpaqueRegionSkia::didDrawRect):
(WebCore::OpaqueRegionSkia::didDrawPath):
(WebCore::OpaqueRegionSkia::didDrawPoints):
(WebCore::OpaqueRegionSkia::didDrawBounded):
(WebCore::OpaqueRegionSkia::didDraw):
(WebCore::OpaqueRegionSkia::didDrawUnbounded):
(WebCore::OpaqueRegionSkia::markRectAsOpaque):
(WebCore::OpaqueRegionSkia::markRectAsNonOpaque):
(WebCore::OpaqueRegionSkia::markAllAsNonOpaque):
* platform/graphics/skia/OpaqueRegionSkia.h:
(OpaqueRegionSkia):
(CanvasLayerState):
* platform/graphics/skia/PlatformContextSkia.cpp:
(WebCore::PlatformContextSkia::restoreLayer):
2012-04-24 Alexandru Chiculita <achicu@adobe.com>
CSS Shaders: Repainting the FECustomFilter requires full source image
https://bugs.webkit.org/show_bug.cgi?id=76689
Reviewed by Dean Jackson..
When a pixel of a filtered layer changes we need to update the whole bounding box of the layer and
not just the dirty rectangle. That's because the shader might change the color of any of the pixels inside the box.
Added tests where a shader is moving and rotating the contents and the actual
dirty box of the source image is not the same as the output dirty rectangle.
Tests: css3/filters/custom/filter-repaint-custom-clipped.html
css3/filters/custom/filter-repaint-custom-rotated.html
css3/filters/custom/filter-repaint-custom.html
* rendering/FilterEffectRenderer.cpp:
(WebCore::FilterEffectRenderer::FilterEffectRenderer):
(WebCore::FilterEffectRenderer::build):
(WebCore::FilterEffectRenderer::computeSourceImageRectForDirtyRect):
* rendering/FilterEffectRenderer.h:
(FilterEffectRenderer):
(WebCore::FilterEffectRenderer::hasCustomShaderFilter):
* rendering/RenderLayer.cpp:
(WebCore::RenderLayer::setFilterBackendNeedsRepaintingInRect):
2012-04-24 Alexis Menard <alexis.menard@openbossa.org>
Replace occurences of style selector from variables and methods names by style resolver.
https://bugs.webkit.org/show_bug.cgi?id=84765
Reviewed by Andreas Kling.
Rename methods and variables to follow the new name StyleResolver. It requires to update the
local variables, methods parameters, and function names to match the new name and to remove
the concept of "selector" to avoid clashing with the CSS concept. The next and last patch
will be to rename CSSStyleSelector file and update the includes.
No new tests : just renaming the variables and method names. No behavior changes expected.
* css/CSSFontSelector.cpp:
(WebCore::CSSFontSelector::dispatchInvalidationCallbacks):
* css/CSSGradientValue.cpp:
(WebCore::CSSGradientValue::addStops):
* css/CSSPageRule.cpp:
(WebCore::CSSPageRule::setSelectorText):
* css/CSSStyleRule.cpp:
(WebCore::CSSStyleRule::setSelectorText):
* css/CSSStyleSheet.cpp:
(WebCore::StyleSheetInternal::styleSheetChanged):
* css/MediaQueryEvaluator.cpp:
(WebCore::MediaQueryEvaluator::eval):
* css/MediaQueryMatcher.cpp:
(WebCore::MediaQueryMatcher::prepareEvaluator):
(WebCore::MediaQueryMatcher::styleResolverChanged):
* css/MediaQueryMatcher.h:
(MediaQueryMatcher):
* css/PropertySetCSSStyleDeclaration.cpp:
(WebCore::StyleRuleCSSStyleDeclaration::setNeedsStyleRecalc):
* css/StyleBuilder.cpp:
(WebCore::ApplyPropertyExpanding::applyInheritValue):
(WebCore::ApplyPropertyExpanding::applyInitialValue):
(WebCore::ApplyPropertyExpanding::applyValue):
(WebCore::ApplyPropertyDefaultBase::applyIn